As mentioned, the F-Droid server would distribute the very same APKs that are hosted by Hootan on Google Drive, untouched.Why ? It would not be an official release, just another unknown middleman to trust for no good reason -- and without the developer having approved this distribution method.
Someone is already doing a similar thing through a Magisk module and it's been causing nothing but problems, sending people to Hootan's mail or this thread just to be told : uninstall that and install it from the proper, sanctioned sources; XDA, MiX's site, Play Store. We certainly don't lack options.
Which you'll be easily able to verify, by the way : for sure you already have MiX installed, from the same APKs I'm talking about, i.e. digitally signed by Hootan, which means your device, by secure design, will refuse to install an update that does not carry the same digital signature.
Meanwhile if I maliciously modify the APK, then the signature will be modified as well.
For more info : https://source.android.com/docs/security/features/apksigning