115
The Syncthing Android drama is exploding (mastodon.pirateparty.be)
submitted 3 days ago by Blaze@piefed.zip to c/android@lemdro.id
33 comments fedilink hide all child comments

@fdroidorg at this point is being used to push out an app with sensitive permissions that's been taken over by an unknown individual who refuses to engage with its large community of users and developers.

I STRONGLY recommend disabling updates from Fdroid, if not uninstalling and manually installing 2.0.11.2, or installing the Google Play version which has a different maintainer.

this is extremely shady and it's just looking worse as time goes on. I'll link to the Syncthing forum thread from about where I left off last time in a subsequent post.

you are viewing a single comment's thread
view the rest of the comments
[-] sabreW4K3@lazysoci.al 5 points 3 days ago

Catfriend was actively openly looking for a replacement for ages and couldn't find one. No one was stepping up. When she eventually found someone, suddenly everyone wants to have a say. What was she supposed to do, put her life and mental health on hold until the community that wasn't helping maintain the project, vetted the replacement she found? I don't know how people can't see that their expectations are out of whack here. As I said before, if any one of the people who are whipping up the storm had stepped up to takeover, there'd somewhat of point to this, but that's not happening. It's just pitchforks for the sake of pitchforks.

[-] leetnewb@beehaw.org 3 points 1 day ago

I don't think this framing is completely accurate. nel0x, one of the people stepping up to maintain a fork, made reasonable requests to researchxxl that were ignored and denied. Basic stuff like "can you join the official syncthing forum". Trust is incredibly important when you are taking over distribution of an existing app, let alone one that has permissions to your filesystem and can push changes to other devices through NAT/firewalls. Processes to develop trust can be tying your online identity to real life identity, and/or being a visible, contributing member of a community over time. A transparent handover process would also be important. None of those conditions for trust were met and auto installed updates were pushed.

[-] Lfrith@lemmy.ca 11 points 3 days ago* (last edited 3 days ago)

It's just the process of the handover that is making people skittish with the github going private then reappearing with a new maintainer.

I think best route would have been for researchxxl to just fork syncthing-fork to put on F-droid, and catfriend1 just leave their branch archived with an endorsement of researchxxl.

After some time passes and researchxxl gains trust in the community I'm sure people will trust their work. The transition just wasn't handled well.

[-] Marcus@scribe.disroot.org 3 points 1 day ago* (last edited 1 day ago)

Exactly; would have been much cleaner. The recent update to v2 already required migrating one's config. So doing it again (now knowing the process) to such new "fork-fork" would've been a no-brainer.

But the whole situation has a more critical aspect than this technical issue: the new dev's appearance out of nowhere, lack of reasonable communication, and arrogance.

this post was submitted on 09 Dec 2025
115 points (100.0% liked)

Android

20793 readers
27 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

🔗Universal Link: !android@lemdro.id

💡Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.

Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

💬Matrix Chat

💬Telegram channels / chats

📰Our communities below

Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More

founded 2 years ago
MODERATORS
ijeff@lemdro.id
ladfrombrad@lemdro.id
Paradox@lemdro.id
multimoon@lemdro.id
mikestevens@lemdro.id
Devgard@lemmy.world
limerod@reddthat.com
Netrunner@lemdro.id