Comment by embedding-shape

11 days ago

Additional context from the original author of syncthing-android, Catfriend1: https://forum.syncthing.net/t/does-anyone-know-why-syncthing...

Thanks for sharing this.

I thought this comment was strange at the end of Catfriend1’s post:

> I’ll review the progress from time to time and if I find anything malicious going on, I’ll let you know here.

That’s absolutely not something you say when you trust the person you’re handing things over to :s

  • Seems like a statement to reassure users who don't necessarily have any trust in the new maintainer. And even if the users trust the new maintainers, it's better to have the reassurance of the previous maintainer on top.

    Trust is not transitive, nor should it be. We (the users) trust the previous maintainer. They trust the new one. We don't (naturally). The old maintainer says they'll review the new one's work, so we'll have to trust the old maintainer (mostly).

    Not that the whole trust system can't improve in various ways in general. But for now we have to trust someone.

    • > Seems like a statement to reassure users who don't necessarily have any trust in the new maintainer.

      The statement didn’t seem reassuring.

      It’d have been reassuring to hear something like “This person has been a committer for X period, and has demonstrated Y and Z.”

      > They trust the new one.

      Well my point is it doesn’t sound like they actually do trust the new maintainer. Maybe just poor choice of words, but it didn’t fill me with confidence.

  • There is an uncounted number of trusted people who turned to malice, especially in vulnerable situations. Even if someone initially was trustable, they can always have a change of motivation for whatever reason. And that's leaving out accidental fuckups turning harmful. At this point it's clear that even in open source, blind trust can be harmful long term.