Its all fine until their approach of privacy or security differs with what’s best for the project, then there’s no reasoning with them to fix it because they’re not calm and flexible. Then ya gotta fork it and get everyone to transition to the new fork, and get developers back onboard, etc.

A crazy, but pointed example of something like this could be: the dude could just claim grapheneos going forward will not have networking anymore because thats an attack vector, and at that point the project doesn’t even suite anyone’s needs to be used as a smartphone anymore. How are you gonna reason with someone like this that, while keeping networking in the project is an attack vector, its necessary to be able to use the project for it’s intended use case? You probably aren’t

The maintainer Catfriend1 set the whole repo to private and apparently transfered the repo/code ownership, and signing keys to someone else without telling anyone? There’s some more to it, but the maintainer didn’t choose to share any info with the public, and it makes it seem highly suspicious what their intention and motivations are/were with the codebase.