Key handover in the dark: Syncthing fork community raises alarm (www.heise.de)

submitted 1 week ago by redd@discuss.tchncs.de to c/fdroid@lemmy.ml

21 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] sylver_dragon@lemmy.world 17 points 1 week ago* (last edited 1 week ago)

While it's probably fine, it's also worth remembering the FBI's Operation Trojan Shield happened. Similar state sponsored APTs would be very happy to get into such a privileged position.

[-] CandleTiger@programming.dev 19 points 1 week ago

I really don’t see why there are so many people around saying “it’s probably fine”

In my personal opinion shit like this is probably not fine at all.

[-] leobluefish@lemmy.world 6 points 1 week ago

For me that's an uninstall unfortunately and looking for another solution at the moment.

[-] eldavi@lemmy.ml 3 points 1 week ago

is it because it's onerous to read the source?

[-] CandleTiger@programming.dev 6 points 6 days ago

Yes. It’s very very hard to read the source and know there’s no security bug in it. That’s 10x truer when the security bugs are potentially on purpose, and carefully hidden.

[-] eldavi@lemmy.ml 1 points 6 days ago

i would run a diff on the previous version compared to the current one.

load more comments (4 replies)

this post was submitted on 09 Dec 2025

80 points (100.0% liked)

F-Droid

9931 readers

3 users here now

F-Droid is an installable catalogue of FOSS (Free and Open Source Software) applications for the Android platform. The client makes it easy to browse, install, and keep track of updates on your device.

Website | GitLab | Mastodon

Matrix space | forum | IRC

founded 4 years ago

MODERATORS

fossdd@lemmy.ml

testman@lemmy.ml