the #Syncthing Android drama is exploding.
Uncategorized
7
Posts
3
Posters
5
Views
-
the #Syncthing Android drama is exploding.
https://github.com/researchxxl/syncthing-android/issues/16
@fdroidorg at this point is being used to push out an app with sensitive permissions that's been taken over by an unknown individual who refuses to engage with its large community of users and developers.
I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.
this is extremely shady and it's just looking worse as time goes on. I'll link to the Syncthing forum thread from about where I left off last time in a subsequent post.
-
the #Syncthing Android drama is exploding.
https://github.com/researchxxl/syncthing-android/issues/16
@fdroidorg at this point is being used to push out an app with sensitive permissions that's been taken over by an unknown individual who refuses to engage with its large community of users and developers.
I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.
this is extremely shady and it's just looking worse as time goes on. I'll link to the Syncthing forum thread from about where I left off last time in a subsequent post.
@fdroidorg you need to think about whether you want to continue being a distribution channel for this app until this is resolved
-
@fdroidorg you need to think about whether you want to continue being a distribution channel for this app until this is resolved
extremely tone-deaf initial response from @fdroidorg in this issue:
https://gitlab.com/fdroid/fdroiddata/-/issues/3712
at this point I have to conclude that the @GrapheneOS guy has a point that #Fdroid can't be fully trusted as a software source
-
extremely tone-deaf initial response from @fdroidorg in this issue:
https://gitlab.com/fdroid/fdroiddata/-/issues/3712
at this point I have to conclude that the @GrapheneOS guy has a point that #Fdroid can't be fully trusted as a software source
-
all I can say at this point is, if this "researchxxl" person ships malicious code to thousands of devices via @fdroidorg after #Fdroid dismissed as "FUD" the repeated warnings from community members that something suspicious may be going on, and then they get sued as a result of impacts from that, they're gonna be on the hook for legal fees regardless of whether or not they win the cases 🤷
-
undefined oblomov@sociale.network shared this topic on
-
the #Syncthing Android drama is exploding.
https://github.com/researchxxl/syncthing-android/issues/16
@fdroidorg at this point is being used to push out an app with sensitive permissions that's been taken over by an unknown individual who refuses to engage with its large community of users and developers.
I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.
this is extremely shady and it's just looking worse as time goes on. I'll link to the Syncthing forum thread from about where I left off last time in a subsequent post.
@surfhosting @fdroidorg has anything actually happened or is this just dogpiling on a new maintainer for... reasons?
-
@surfhosting @fdroidorg has anything actually happened or is this just dogpiling on a new maintainer for... reasons?
@ROllerozxa The ownership handover has been extremely suspicious, unannounced, and totally uncommunicative. This is an app to which users trust all their most intimate files, precisely because they don't want to hand them over to corporate servers. If I were trying to make the handover look like a bad actor had bribed or blackmailed the original developer into handing over the keys, I couldn't have done a better job than this dude.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
(Dropping Risotto Bias who got in the middle of a conversation they didn't actually want to be in)
-
@ferrante @giornalismo meloni incapace libera solo Chico Forti
-
@phillycodehound thank you! She's been resting for some days and she's definitely in a better shape.
-
@soatok @benpate @risottobias @bonfire how about we all work together to make everything better?
-
@benpate @risottobias @bonfire But for posterity:
https://github.com/soatok/mastodon-e2ee-specification
I started this in 2022 and then shifted gears to Key Transparency with the intent to switch back once that problem was solved. KT slots neatly into the "Federated PKI" vacancy on the 2022 repo
-
-
@benpate @risottobias @bonfire I think you misunderstood.
I'm suggesting that the decision to not include secure public key management will tie your hands to support whatever insecure thing you're doing now for the sake of backwards compatibility, so I'm probably better off working on my own thing than trying to participate.
-
Il libro è sottile (una novantina di pagine), ma fitto. Lo firma Tommaso Codignola e si intitola: La civiltà dell’eccesso, sottotitolo: Curare l’anima nell’epoca della quantità (Edizioni di Storia e Letteratura).
#libri #letteratura
https://www.doppiozero.com/leccesso-del-presente
