• trilobite@lemmy.ml
    2 upvotes · edited · 10 hours ago

    Too bad I read this only now. I may have already updated the original app to v.1.28.1. Just seen that on Android you only have access to syncthing-fork now. Moved over to syncthing-fork and realised you can't import the config. It's expecting a zip file, yet v.1.28.1 exported loads of individual files. :-(

  • Adda@lemmy.ml
    54 upvotes, 1 downvote · edited · 1 day ago

    I have been following the development from the beginning and the TL;DR is that the original maintainer deleted his repository, and a new maintainer appeared out of thin air, with the original maintainer’s signing keys. As of now, I would refrain from updating (the last presumed safe version to be found in the post linked below). In the future, there is a new fork from a trusted packager of the GPlay version of Syncthing-fork which might be the way forward, or one might use another client altogether.

    More story: The new maintainer says they got the keys from the original maintainer after agreeing to maintain the application instead of the original maintainer so that the original maintainer can retire. However, the alleged “transition” was done so poorly (more like sketchy as all …) that the community has mostly decided to, at least for now, not blindly trust the new maintainer as there is no indication from the original maintainer that such a transition was indeed done, and that nothing malicious is going on. Nothing malicious has been found for now, but everything is sketchy as … Time might help mend the broken trust, but I would say that at this point and with the behaviour of the new maintainer so far, that is somewhat unlikely.

    Read more on this in the official Syncthing forum post.

      • NKBTN@feddit.uk
        5 upvotes · 7 hours ago

        Yes, but is it secure? Is there something malicious in the code? That’s what we’re worried about

      • selokichtli@lemmy.ml
        1 upvote · 5 hours ago

        I really don’t like the way these people treated you and me, but it’s an issue. I can attest the app is still working, doing its thing, but it’s not worth the risk for me. I uninstalled it after reading the state of things on GitHub, basically, the lack of trust in the current maintainer and their unwillingness to deal with this problem whatsoever.

        If you still think it’s worth it for you, enjoy.

      • chaoticnumber@lemmy.dbzer0.com
        12 upvotes · 11 hours ago

        What an irresponsible thing to say, “I’m a moron, jump off the bridge with me”.

        Yeah, no shit it’s fine, just until one day we all wake up with “xz” style exploits because “it works bro, stop caring”.

      • SatyrSack@quokk.au
        15 upvotes · edited · 1 day ago

        Yes, there was an official Android client made by the same devs as the official desktop client. After the official devs decided to stop development on the Android client, some other dev forked it to keep up development.

        • Nutomic@lemmy.ml
          9 upvotes · 22 hours ago

          The devs for desktop Syncthing were different from the Syncthing-Android devs. There was some collaboration, but in the end the development was mostly separate. Source: I made syncthing-android.

          • everett@lemmy.ml
            5 upvotes · edited · 1 day ago

            Yep, this is correct. It started as a “friendly fork” that added a few quality-of-life features that the official version didn’t have.