this post was submitted on 18 Nov 2025
41 points (100.0% liked)

Opensource

4671 readers
131 users here now

A community for discussion about open source software! Ask questions, share knowledge, share news, or post interesting stuff related to it!

CreditsIcon base by Lorc under CC BY 3.0 with modifications to add a gradient


founded 2 years ago
MODERATORS
pylapp@programming.dev
41
PSA syncthing-fork has changed owners (lemmy.today)
submitted 1 month ago* (last edited 1 month ago) by AmbiguousProps@lemmy.today to c/opensource@programming.dev
3 comments fedilink hide all child comments
 

cross-posted from: https://lemmy.world/post/38929150

Overview here

https://forum.syncthing.net/t/does-anyone-know-why-syncthing-fork-is-no-longer-available-on-github/25661/39

The new owner of the repo has a fresh github account and apparently has the signing keys from Catfriend1 too.

Time will tell if they are trustworthy, but for the extra paranoid it might make sense to pause updates for a while.

The new repo has two releases in it now. GitHub is silently redirecting to the new repo, even in Obtainium, meaning it's possible that if you had this previously installed via Obtainium and updated now, you may have apks installed that may or may not contain the changes in the repo.

This is a mess. I deleted the repo from Obtainium (luckily I don't auto install updates) and will wait to see what happens over the next few months. Might just save my notes in a network share instead of using syncthing from my phone. Idk, notes are all that I was using it for.

you are viewing a single comment's thread
view the rest of the comments
[–] davidgro@lemmy.world 5 points 1 month ago (1 children)

Doesn't Android prevent updates with a different key than is already installed?

[–] AmbiguousProps@lemmy.today 5 points 1 month ago* (last edited 1 month ago)

It does, I think I'm a bit confused here. I think the apks may be signed with the original key from the previous repo, but that key doesn't necessarily have to line up with what's in the GitHub repo since a lot of the repo tasks were removed or changed. I'll edit my post, but this kind of highlights how messy this handover was, and how confusing it is to users (myself included).

This isn't something you'd really want to mess with, since typically it has full filesystem access.