@nazokiyoubinbou @fdroidorg yes, I was referring to linsui's response on the ticket. I don't know what their position within F-Droid is but they and Licaon_Kter are acting as the de facto face of F-Droid in that Gitlab issue. IMO it's worth noting these are the same two who responded flippantly and dismissively in a major controversy about F-Droid marking Bible and Quran apps "NSFW" and hiding them from search a couple months ago, and they are now responding dismissively here. their pattern of behavior does not help build trust in F-Droid.

anyway, my interpretation of what's going on:

1. #Syncthing does not maintain an Android app which most people use, and instead leaves this up to random enthusiasts for better or for worse

2. Catfriend1 was the random enthusiast who maintained the Android app Syncthing-Fork; nel0x is the random enthusiast who maintains the Android app on Google Play

3. A couple weeks ago Catfriend1 seemingly disappeared without a trace and a brand-new entity named researchxxl popped up controlling the Syncthing-Fork Github repo and claiming that Catfriend1 had passed the development torch to them, while providing no evidence that this was true beyond their control of the signing key

4. When people started raising concerns given Syncthing-Fork's direct access to user data, researchxxl got defensive, provided a number of non-answers, locked Github issues, and did not join the Syncthing forum despite repeated requests

5. When people started raising concerns given Syncthing-Fork's direct access to user data, #FDroid contributors were dismissive and stated that waiting for evidence that malicious code had been shipped was their preferred approach

6. Some users as a result have understandably decided that the Syncthing-Fork app on F-Droid can't be trusted

7. Some users as a result may be questioning the judgement of F-Droid contributors

all I can say at this point is, if this "researchxxl" person ships malicious code to thousands of devices via @fdroidorg after #Fdroid dismissed as "FUD" the repeated warnings from community members that something suspicious may be going on, and then they get sued as a result of impacts from that, they're gonna be on the hook for legal fees regardless of whether or not they win the cases 🤷

extremely tone-deaf initial response from @fdroidorg in this issue:

https://gitlab.com/fdroid/fdroiddata/-/issues/3712

at this point I have to conclude that the @GrapheneOS guy has a point that #Fdroid can't be fully trusted as a software source

Welche F-Droid-App (bzw. quelloffene App) kennt ihr, die großartig ist, aber kaum jemand auf dem Schirm hat? Exotisch, nischig, unterschätzt – egal, Hauptsache spannend. Stellt hier eure Geheimtipps vor! 👇

/kuk

#android #fdroid

@nazokiyoubinbou @fdroidorg yes, I was referring to linsui's response on the ticket. I don't know what their position within F-Droid is but they and Licaon_Kter are acting as the de facto face of F-Droid in that Gitlab issue. IMO it's worth noting these are the same two who responded flippantly and dismissively in a major controversy about F-Droid marking Bible and Quran apps "NSFW" and hiding them from search a couple months ago, and they are now responding dismissively here. their pattern of behavior does not help build trust in F-Droid.

anyway, my interpretation of what's going on:

1. #Syncthing does not maintain an Android app which most people use, and instead leaves this up to random enthusiasts for better or for worse

2. Catfriend1 was the random enthusiast who maintained the Android app Syncthing-Fork; nel0x is the random enthusiast who maintains the Android app on Google Play

3. A couple weeks ago Catfriend1 seemingly disappeared without a trace and a brand-new entity named researchxxl popped up controlling the Syncthing-Fork Github repo and claiming that Catfriend1 had passed the development torch to them, while providing no evidence that this was true beyond their control of the signing key

4. When people started raising concerns given Syncthing-Fork's direct access to user data, researchxxl got defensive, provided a number of non-answers, locked Github issues, and did not join the Syncthing forum despite repeated requests

5. When people started raising concerns given Syncthing-Fork's direct access to user data, #FDroid contributors were dismissive and stated that waiting for evidence that malicious code had been shipped was their preferred approach

6. Some users as a result have understandably decided that the Syncthing-Fork app on F-Droid can't be trusted

7. Some users as a result may be questioning the judgement of F-Droid contributors

all I can say at this point is, if this "researchxxl" person ships malicious code to thousands of devices via @fdroidorg after #Fdroid dismissed as "FUD" the repeated warnings from community members that something suspicious may be going on, and then they get sued as a result of impacts from that, they're gonna be on the hook for legal fees regardless of whether or not they win the cases 🤷

extremely tone-deaf initial response from @fdroidorg in this issue:

https://gitlab.com/fdroid/fdroiddata/-/issues/3712

at this point I have to conclude that the @GrapheneOS guy has a point that #Fdroid can't be fully trusted as a software source

Welche F-Droid-App (bzw. quelloffene App) kennt ihr, die großartig ist, aber kaum jemand auf dem Schirm hat? Exotisch, nischig, unterschätzt – egal, Hauptsache spannend. Stellt hier eure Geheimtipps vor! 👇

/kuk

#android #fdroid

I don't trust syncthing-fork anymore.

1. App ID changed with version 2.x, seemingly for no reason.

2. catfriend1, the original maintainer has disappeared with no public announcement.

3. Apparently the Play signing keys were transferred to a Github user with a 5 day old account.

4. The old repo does redirect to this new user's repo.

It could be benign and another case of FOSS devs "moving on," quietly. But my paranoia prevails.

https://github.com/researchxxl/syncthing-android/issues/16
#syncthing #privacy #security #fdroid

Also, installing the f-droid apps store on my phone is literally changing my life. Having access to a curated ecosystem of open source androids apps is heavenly. That glorious feeling when software puts the user first.

#fdroid #android #lifehack

В fdroid теперь надо самостоятельно устанавливать репозитории? Раньше при установке были приложения.

#fdroid

@rur @russian_mastodon @Russia

Also, installing the f-droid apps store on my phone is literally changing my life. Having access to a curated ecosystem of open source androids apps is heavenly. That glorious feeling when software puts the user first.

#fdroid #android #lifehack

Apparemment quand on installe #Firefox depuis #FDroid on ne peut pas installer d'extensions autres que celles recommandées par Firefox?

C nul...

Si vous trouvez votre application 🖼️ "gallerie" de votre téléphone un peu basique, vous pouvez essayer celle-ci : #Gallery

Elle est gratuite sur #Fdroid , payante sur le Google play store #Cheh

Si votre téléphone est un peu ancien, vous pouvez peut-être supprimer l'option: "animer les éléments médias" et le "flou artistique" dans les options "personnalisation".

https://f-droid.org/fr/packages/com.dot.gallery/

https://github.com/IacobIonut01/Gallery

If you're concerned about the state of #FreeSoftware on #Android and projects like #FDroid and #Termux, please sign the petition to stop Google from limiting APK usage: https://www.change.org/p/stop-google-from-limiting-apk-file-usage

Reason 5: in July of this year, copilot-instructions.md appeared, and commits from GitHub Copilot were allowed.

Does @fdroidorg have a stance on the usage of Copilot or GenAI code?

https://github.com/researchxxl/syncthing-android/commits/main/.github/copilot-instructions.md
#AI #copilot #foss #genai #syncthing #syncthingfork #privacy #security #fdroid

If you're concerned about the state of #FreeSoftware on #Android and projects like #FDroid and #Termux, please sign the petition to stop Google from limiting APK usage: https://www.change.org/p/stop-google-from-limiting-apk-file-usage

@tartley @andreiu I've definitely stopped installing #SyncthingFork updates from #Fdroid for now, and tbh @fdroidorg should probably have eyes on this