Catfriend1
please report unauthorized use of our appid here
Description of the issue
na
Steps to reproduce
anyone is allowed and welcome to work with the codebase but do NOT reuse our app id com.github.catfriend1.syncthingfork if you do your own releases
- https://github.com/nel0x/syncthing-android/issues/1
the original app is signed and protected by the key which i was authorized to use from the original author
D3:74:B8:DE:50:57:1:31:43:C7:D1:51:5A:1:55:98:C2:DF:40:3B:E8:16:C:AE:1:A5:8C:22:7E:6E:86:AA
more details can be read here https://github.com/researchxxl/syncthing-android/blob/main/wiki/Switch-between-releases_Verify-APK-is-genuine.md
App version
na
App install source - see wiki for details on release channels
GitHub or F-Droid release build
Android version
na
ROM vendor
na
Device manufacturer
No response
Device model
No response
Device platform info (optional)
Android log (logcat)
Hi @researchxxl, thanks for taking over the work of the original author.
the original app is signed and protected by the key which i was authorized to use from the original author
Can you prove it so that the community can trust you?
@Otiel just pull the apk from fdroid or github and compare the signature take some older apk and compare again it is the signature catfriend gave me along with the repo
The question is can you prove your were authorized. Possession of the credentials is not proof of authorization.
That would only prove you have the signature, not that Catfriend1 authorized you to use it.
If he gave it to you along with the repository, surely there should be some form of communication between you too that you can share (e.g with screenshots)?
This would be a first good step for the community to trust you.
maybe also reconsider what catfriend had in his readme for months this year and i removed after the takeover.. https://github.com/researchxxl/syncthing-android/commit/cf4714bc9d07d49b7956ad24cb2458aa6e188baa#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L17
nel0x seemed to have appeared from nowhere the same as me now i did not expect that many trust questions because 100 thousands of users blindly downloaded their google play releases and i also noticed these days nel0x still uses the old catfriend signing key looking at their store release artifacts why did no one ask them??
i do not like to offend but say we are in the same situation tldr; nel0x and i seem to have inherited the same app with different tasks and if some one is to blame imo it is catfriend who just told me carry on with the source maintainership while nel0x takes care of google play because they do not code
they seemed to solely rely on that we join up together and do the right thing which is now failed as nel0x denied to work together like they did it with catfriend
@Otiel you like to see our chat about the transition?? would that really help you if i post it?? well i can do so but the someone else might say i made this up :/
None of the statements you have made are compelling enough to grant you trust. Exactly zero effort has gone into assuaging the fear of the community you inherited.
As much as you may not want it to be true, that is what you inherited, not just source code. If there are 100,000 installations of the app then you should take significantly more care and try to understand the implications of your and Catfriend's opacity in this whole transition. Shutting down every inquiry about the validity of your claims just makes you appear to be a bad actor.
maybe also reconsider what catfriend had in his readme for months this year and i removed after the takeover.. cf4714b#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5L17
I do not deny Catfriend1 has been looking for someone to take over. 👍
and i also noticed these days nel0x still uses the old catfriend signing key looking at their store release artifacts why did no one ask them??
You are right we should be asking the same of @nel0x. As to why we do not, I believe because there's already a trust established between him and the community due to his past work on the project, and mainly thanks to his communication. We cannot same the say for you unfortunately.
you like to see our chat about the transition?? would that really help you if i post it?? well i can do so but the someone else might say i made this up :/
That would be a first step indeed. Of course you could make up some screenshots, but it would be better than nothing.
@researchxxl I took care of the ID: https://github.com/nel0x/syncthing-android/issues/1
nel0x seemed to have appeared from nowhere the same as me now
I think one important difference is that apart of the Syncting project involvement, @nel0x has also had a long history of other GitHub activities, plus a public website with his real name and other personal information. This isn't the case here, so naturally the users are much more suspicious.
@nel0x thank you
@tomasz1986 this is true.. i will consider telling more about me in the future
@aTosser currently i feel two big problems i cannot solve imo fear cannot be taken of people if telling them do not fear or the contrary and write trust on it yourself i feel uncomfortable writing my real name on something i got from another one and a lot of people are yelling bad actor without proof there is so much distrust and rant out there if you google it i came here to help but feel like some commentators on this repo like to stop me from working on the app in total contrary to about 80000 downloads which make me view everything might settle down and already some people trust and are with me in a positive manner
@Otiel i agree with the communication sorry to repeat nel0x forked and pulled i have no knowledge of their work done on the project their links targeted the original repo for issues feature requests wiki .. but it is okay for me if they work on it and sorry i have no deeper news on the handover i was offered to take it including everything during chat (i did not store this as screenshots) then got email from github after i sent my username to catfriend i clicked the link to accept the transfer catfriend disappeared and the chat was no longer visible to me i tried to put the repo back at its original url when i saw their github name was free
and for some reason there is a redirect from the original repo location to this which i did not setup.. i read about the initial distruct arose because people silently got updated from here but that was not setup nor intended by me
now made a github ticket asking them to stop the redirectoin but go no answer yet
at all please stop the heat if you find anything malicious in here please DO report as that is not my intention to add something bad here both in past or current states please tell ME from my reading some people out there already checked the source code or parts of it and that is good.. it wont let you trust me but it is a good start for us all imo
closing this as it resolved gracefully for the moment you can still comment but please understand my pov
🤖 This issue has been automatically locked because it was closed.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}