@fdroidorg at this point is being used to push out an app with sensitive permissions that’s been taken over by an unknown individual who refuses to engage with its large community of users and developers.

I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.

This is extremely shady and it’s just looking worse as time goes on. I’ll link to the Syncthing forum thread from about where I left off last time in a subsequent post.

  • Kami@lemmy.dbzer0.com
    15 hours ago

    Better safe than sorry.

    Also, from what I just read, he seems to be playing dumb in some of his answers, while also repeatedly ignoring important questions and closing the issue because “too heated”.

    In one issue (from 3 days ago) he also asks, kinda angry, if people want to see the chat he had with the previous maintainer before receiving ownership of the repo, but in the next comments he says he didn’t save that chat as screenshots.

    Like… WUT??

    I started reading thinking it was just people being too cautious, but now I’m sure the guy is full of shit and I would expect the worst to have happened here, honestly.

    • Lfrith@lemmy.ca
      5 hours ago

      Even when well-meaning, sometimes malicious code can slip through, like with smarttubenext, due to a compromised machine.

      So I think people forget that just because something is FOSS doesn’t mean it is automatically safe and caution can be thrown to the wind. Skepticism and being overcautious is still good practice before installing things.

      I like to wait a while before installing new updates just to see if anything is caught by the community to try to reduce potential risk.