I mean, you are right in this sense I guess. I see this topic from the POV of an arch user in the original sense: I installed the OS myself and made concious decisions about how I built up my OS, I by default read the wiki, I know why and how I do what in my system installation. From my POV it is obvious that there is no problem here. But maybe due to the rise of the user friendly arch-based OS-es (which is an oxymoron in my opinion) the current state of the OS should be reevaluated.

In the end, my opinion still is that if you use tools like yay, you are probably not the target audience, and maybe got lured into using arch due to the memes or stigma. Maybe the entry barrier should be lifted in the sense that for example the AUR and archinstall are split off the project into their separate own thing. Weird situation IMO…

The arch wiki page for the AUR has a big, vibrant red box in the intro section stating:

Warning AUR packages are user-produced content. These PKGBUILDs are completely unofficial and have not been thoroughly vetted. Any use of the provided files is at your own risk.

If you have ever installed something through the AUR in the intended way, you would know that it does not involve running the package manager tool until the very last step. You need to git checkout the package recipe, build it. This is clearly what the post you are answering to meant by “not part of the arch linux repositories”.

I don’t want to fault you, I just want to point out that Hyprland is in version 0.x. It’s essentially in development. Expecting software in alpha phase to be backwards compatible is a bit unrealistic :) If you enjoyed it that much, come back to it in a few years once it comes out of development phase (if ever…)

I should have been clearer with the intent of my post. The intent was more along the lines of asking people to help point out to me some detail on the topic which I might have missed, because this loophole seems to be too obvious and dangerous to FOSS…

As the EUPL FAQ (written by EU lawyers) also points out, Directive EC 2009/24 states in point 15:

Nevertheless, circumstances may exist when such a reproduction of the code and translation of its form are indispensable to obtain the necessary information to achieve the interoperability of an independently created program with other programs. It has therefore to be considered that, in these limited circumstances only, performance of the acts of reproduction and translation by or on behalf of a person having a right to use a copy of the program is legitimate and compatible with fair practice and must therefore be deemed not to require the authorisation of the rightholder. An objective of this exception is to make it possible to connect all components of a computer system, including those of different manufacturers, so that they can work together.

However, there is a last sentence in this point, which I only realised now that it might be the answer to my question! So good that you questioned it.

Such an exception to the author’s exclusive rights may not be used in a way which prejudices the legitimate interests of the rightholder or which conflicts with a normal exploitation of the program.

Maybe in court the exploitative nature of the hypothetical in my post would be covered by this. Though, this moves the matter towards some gray zone, where the question is where the line of explotiation lies. Is a plugin system, where by default the software functions as before, but functionality can be expanded with “premium” plugins that make algorithms in the software more precise or fast considered exploitative?

It might be not this simple in case of notification providers, the notifications are somehow sent in the name of the app I guess. And don’t forget: in general, this principle is true for most of your apps that send notifications. I.e. if you are getting Signal or Facebook notifications, it uses the same principle.

Btw, google is not the only notification service for android. Check up on Unified Push, there are many alternatives to do this, and there are some apps that support these alternatives in their non-play-store builds.

In general, notifications on Android don’t go through apps, that would require apps to run all the time and consume too much battery. They instead are going through a notification provider (google in the default case). This is why your notifications arrive, but you have no other connections to your HA.

Edit for clarification: HA uploads it to google servers (which of course doesn’t need port forwarding) and your phone then polls them from google.