selfhosting.couchsurfing (@[email protected])
mastodon.pirateparty.be
the #Syncthing Android drama is exploding. https://github.com/researchxxl/syncthing-android/issues/16 @[email protected] at this point is being used to push out an app with sensitive permissions that's been taken over by an unknown individual who refuses to engage with its large community of users and developers. I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer. this is extremely shady and it's just looking worse as time goes on. I'll link to the Syncthing forum thread from about where I left off last time in a subsequent post. #SyncthingFork #SyncthingAndroid

@fdroidorg at this point is being used to push out an app with sensitive permissions that’s been taken over by an unknown individual who refuses to engage with its large community of users and developers.

I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.

this is extremely shady and it’s just looking worse as time goes on. I’ll link to the Syncthing forum thread from about where I left off last time in a subsequent post.

  • Eager Eagle@lemmy.worldEnglish
    70·
    2 days ago

    TL;DR: the original fork of Syncthing under the GitHub user Catfriend1 vanished without any clarifications from them to the community. Recently, another GitHub user researchxxl acquired the release keys and published a new version v2.0.12.1:

    Shortly after the repo was moved to a brand new account ‘researchxxl’ who was not able to properly explain how or why the repo was handed over to them nor why the original maintainer handed over the release key to them. Or why the original maintainer did not bother communicating this to the community in advance.

    The new version v2.0.12.1 under researchxxl seems to be free of malicious code, and the repo has reproducible builds.

    Since the whole situation is a bit sketchy, some are advocating for the F-droid account to be locked and any release after v2.0.11.2 to be purged.

    Update: it seems that as of a few hours ago, Catfriend1 broke the silence and confirmed the transfer to researchxxl:

    Therefore, I did hand over all my stuff to my inheritant @researchxxl inluding the com.github.catfriend1* apps, digital signing material and wish them the best to fulfill the mission of carrying on the Syncthing-Fork app. :woman_technologist: We have met in online gaming and developing modding code together for a level that tells the story of a research station attacked by some alien-like monsters. Two players do have to cooperate on fixing electrical devices, a low power emitting nuclear reactor and avoiding a bath in acid. If you stumble upon the game, say hello to us during our test sessions. :slightly_smiling_face:

    https://forum.syncthing.net/t/does-anyone-know-why-syncthing-fork-is-no-longer-available-on-github/25661/165

    • Pika@sh.itjust.worksEnglish
      1·
      3 hours ago

      as an ammendum to this comment edit, catfriend edited the post linked and added this to the end

      Edit: Regarding @nel0x , they did not have any history with the Syncthing (Android) project nor an expressive public profile when they applied to take over the Google Play Store entry in Feb 2025. I accepted this and transferred - believing in good will and we agreed on their task to be publishing what was on my repository to Google Play after their review. If they now desire to make their own app, there is, unfortunately no way to clean up the confusion caused if it is called the same other than kindly asking them to rename it.

    • phonics@lemmy.worldEnglish
      511·
      2 days ago

      The second half of Catfriends response is so…strange. Like there is a code in there somehow. Like when captive soldiers blink morse code to signal theyre in danger on a terrorist video. Thats how it feels to me anyway.

      • Lka1988@lemmy.dbzer0.comEnglish
        422·
        2 days ago

        Or they’re just autistic and not good at communication.

        Shit happens, and while the initial transfer was sketchy, everything I read from the new maintainer appeared to be in good faith.

          • Lka1988@lemmy.dbzer0.comEnglish
            25·
            2 days ago

            Ok, I poked through that thread and a few other linked threads…

            Big yikes. It definitely took a turn downhill. And posting what is essentially a “cease and desist” on nel0x’s repo over the name without actually trying to do things properly.

            I’ll start using nel0x’s fork instead once he starts putting up non-gplay builds.