• smeg@infosec.pubEnglish
    1·
    6 minutes ago

    What’s wrong with original Syncthing? Why would anyone use a fork?

  • CoyoteFacts@piefed.caEnglish
    2·
    37 minutes ago

    Absolutely not trusting this. Uninstalling until we know more, and ideally just getting a different solution entirely. A new account tried to impersonate Catfriend1 directly at first, and then they switched to researchxxl when someone called it out (both are new accounts). Meanwhile the original Catfriend1 has provided no information about this, and we only have the new person’s word as to what’s going on. There’s way too many red flags here.

  • spacelord@sh.itjust.worksEnglish
    22·
    3 hours ago

    I wouldn’t say it’s only for the extra paranoid, but rather for everyone.

    After reading the whole discussion, it’s clear that the repo transfer was handled in an extremely unorthodox way, at least by usual standards for repo handovers that I’m familiar/experienced with.

    Communication from Catfriend1 was absolutely nonexistent, and there was only minimal info from the person who took over using a GitHub account created just two days ago.

    Trust is something that must be earned, not given to someone you’ve never seen or heard of before.

  • Great Blue Heron@lemmy.caEnglish
    3·
    2 hours ago

    I installed mine from F-Droid. I just went there to turn off updates and it doesn’t exist. I have not been paying attention so it may have been gone for ages and not related?

  • ultranaut@lemmy.worldEnglish
    271·
    6 hours ago

    Not sure if I qualify as extra paranoid but this whole situation feels very sketchy and has me reconsidering my use of syncthing. Making significant changes like this without any explanation is extremely bad practice.

    • tychosmoose@lemmy.worldEnglish
      1·
      1 hour ago

      Same here. It was already a little bit concerning that I was relying on a smaller fork to get syncthing on Android. It was on my to do list to figure out options. Now it’s at the top of the list, and I’m not doing updates for the time being on Android. That’s almost the entirety of my reliance on syncthing - phone to PC sync. I don’t really need it that much for sync between PCs.

    • unexposedhazard@discuss.tchncs.deEnglish
      351·
      6 hours ago

      has me reconsidering my use of syncthing

      This is about a third party piece of software that isnt directly related to syncthing. The devs of syncthing have however been recommending syncthing-fork as their choice for android, so it definitely needs clearing up.

      • chaospatterns@lemmy.worldEnglish
        4·
        1 hour ago

        We’re sort of in this situation because the official project decided not to continue providing an official Android app, yet people want to use it on Android forcing unofficial versions to be created and maintained.

        I get that they don’t want to deal with Google Play anymore, but somebody has to deal with it and them not owning the app is putting users at risk.

        • hersh@literature.cafeEnglish
          3·
          1 hour ago

          I get that they don’t want to deal with Google Play

          Was that the reason? Shame they didn’t just leave it on F-Droid and GitHub then. Nobody needs to use Google Play (at least not yet…)

          • chaospatterns@lemmy.worldEnglish
            1·
            36 minutes ago

            https://forum.syncthing.net/t/discontinuing-syncthing-android/23002

            According to this post, it was partly that and lack of maintainers. Given there’s maintainers for a fork, I’m curious why they didn’t bring them into the main project.

            Reason is a combination of Google making Play publishing something between hard and impossible and no active maintenance. The app saw no significant development for a long time and without Play releases I do no longer see enough benefit and/or have enough motivation to keep up the ongoing maintenance an app requires even without doing much, if any, changes.

  • BackgrndNoize@lemmy.worldEnglish
    6·
    5 hours ago

    My policy with open source projects like these is to fork the repo and only bring in upstream updates when I’m certain it’s safe and necessary

    • Serinus@lemmy.worldEnglish
      6·
      2 hours ago

      Which is just as risky as instantly updating unless you’re really closely keeping an eye on which updates are security related.

    • kokomo@lemmy.kokomo.cloudEnglish
      2·
      4 hours ago

      that’s probably what I might do and build apks myself with forgejo. and/or pull in nel0x’s fork instead and build from his code.