this post was submitted on 06 Dec 2025
79 points (98.8% liked)
Asklemmy
51618 readers
1568 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- !lemmy411@lemmy.ca: a community for finding communities
~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~
founded 6 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I have been following the development from the beginning and the TL;DR is that the original maintainer deleted his repository, and a new maintainer appeared out of thin air, with the original maintainer's signing keys. As of now, I would refrain from updating (the last presumed safe version to be found in the post linked below). In the future, there is a new fork from a trusted packager of the GPlay version of Syncthing-fork which might be the way forward, or one might use another client altogether.
More story: The new maintainer says they got the keys from the original maintainer after agreeing to maintain the application instead of the original maintainer so that the original maintainer can retire. However, the alleged "transition" was done so poorly (more like sketchy as all ...) that the community has mostly decided to, at least for now, not blindly trust the new maintainer as there is no indication from the original maintainer that such a transition was indeed done, and that nothing malicious is going on. Nothing malicious has been found for now, but everything is sketchy as ... Time might help mend the broken trust, but I would say that at this point and with the behaviour of the new maintainer so far, that is somewhat unlikely.
Read more on this in the official Syncthing forum post.
I use syncthing-fork on android, works fine.
What an irresponsible thing to say, "I'm a moron, jump off the bridge with me".
Yeah no shit its fine, just until one day we all wake up with "xz" style exploits because "it works bro, stop caring".
I also use synching-fork for Android. It works fine for me, too.
I like birds.
Yes, but is it secure? Is there something malicious in the code? That's what we're worried about
I really don't like the way these people treated you and me, but it's an issue. I can attest the app is still working, doing its thing, but it's not worth the risk for me. I uninstalled it after reading the state of things in github, basically, the lack of trust to the current maintainer and their unwillingness to deal with this problem whatsoever.
If you still think it's worth for you, enjoy.