PSA: The Syncthing fork repo has very recently been taken by a new maintainer without notice from the old one. However, the new maintainer seems to be in possession of the old PGP keys, which has made a lot of community members cautious/suspicious.

Related forum thread in the Syncthing forums

Or if you dislike all kinds of ads like me, you may also like the NewPipe fork Tubular, which provides SponsorBlock integration.

Take a look into borg backup.

Yeah, what a disappointment. This guy brought shame to the security community because he was salty that his vulnerability didn’t get the attention it “deserved”.

This link should be working.

Quoting from the OP tweet:

* Unauthenticated RCE vs all GNU/Linux systems (plus others) disclosed 3 weeks ago.
* Full disclosure happening in less than 2 weeks (as agreed with devs).
* Still no CVE assigned (there should be at least 3, possibly 4, ideally 6).
* Still no working fix.
* Canonical, RedHat and others have confirmed the severity, a 9.9, check screenshot.
* Devs are still arguing about whether or not some of the issues have a security impact.

I’ve spent the last 3 weeks of my sabbatical working full time on this research, reporting, coordination and so on with the sole purpose of helping and pretty much only got patronized because the devs just can’t accept that their code is crap - responsible disclosure: no more.

Unpaywalled link