cross-posted from: https://lemmy.world/post/38929150
Overview here
The new owner of the repo has a fresh GitHub account and apparently has the signing keys from Catfriend1 too.
Time will tell if they are trustworthy, but for the extra paranoid it might make sense to pause updates for a while.
The new repo has two releases in it now. GitHub is silently redirecting to the new repo, even in Obtainium, meaning it’s possible that if you had this previously installed via Obtainium and updated now, you may have apks installed that may or may not contain the changes in the repo.
This is a mess. I deleted the repo from Obtainium (luckily I don’t auto install updates) and will wait to see what happens over the next few months. Might just save my notes in a network share instead of using Syncthing from my phone. Idk, notes are all that I was using it for.
Ah fuck!
Edit: After reading more info on the situation, it seems like there was no malice, but this has been handled in an outright lousy way. This software has important privileges on the phone and was handled spectacularly badly for an app aimed at people who care about privacy.
However, there was a silver lining here for some of us, which was pointed out there: the upgrade to version 2 was a potentially breaking one, so they published it in a way that would not upgrade automatically, so lots of people, including me, still have version 1.30.0.4, are unable to automatically upgrade, and need to do multiple manual steps to get to version 2. I think I’ll wait a bit before upgrading to see how they handle things, OR if there’s a fork by a person with a modicum of common sense.


