We've been using Seafile for two years at my workplace. So far it's been very reliable and much faster than Nextcloud for file transfers. The current drive clients work well, but aren't as polished as Google File Drive Stream, for example. On macOS, I hope they will transition from macfuse.fs to the new FileProvider framework soon.
Seafile's file storage format has the advantage that it's easy to revert a file or folder to some earlier revision, for example after accidentally deleting files.
Store things encrypted. (For example I sync my KeePass DB via Seafile.)
Plus as far as I know neither ownCloud nor nextCloud went through a security audit and they are big piles of PHP with a lot more complexity than Seafile. So it's very likely that there are more bugs in phpCloud than in XiFile.
If you want some real security buy a DropBox/GoogleDrive/MSOneDrive subscription, hm?
> Plus as far as I know neither ownCloud nor nextCloud went through a security audit
This is inaccurate. Nextcloud does receive security audits and is in fact also used by quite some security-conscious organizations (to name a few: German Government, Siemens, ...)
There's also a bug bounty program that pays pretty decently considering the company size: https://hackerone.com/nextcloud. (Remote Code Execution = 10k, Auth Bypass = 4k - compare that to rewards that the FAANG pays and you'll see it's not that bad)
> and they are big piles of PHP with a lot more complexity than Seafile
I did a small audit of Seafile years ago and I don't think that argument flies.
```
import random


def random_string():
    """
    Generate a random string (currently a random number as a string)
    """
    return str(random.randint(0,100000))
```
That's not really secure and copy-pasting Django core code and then removing security checks ... is shady at best.
Disclaimer: I wrote a significant part of the ownCloud code (https://github.com/owncloud/core/graphs/contributors), then forked it into Nextcloud. After some years I moved to Facebook to do application security there :-)
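The weakness in the snippet quoted in the comment above, set beside a hardened form; this is an added example, not part of the original comment and not Seafile's code. The names `random_string_weak` and `random_string_strong`, the helper functions, and the 32-byte token size are assumptions made for illustration.

```python
import hmac
import math
import random
import secrets


def random_string_weak():
    """The quoted pattern: at most 100001 distinct values, from a non-cryptographic PRNG."""
    return str(random.randint(0, 100000))


def random_string_strong(nbytes=32):
    """Hardened form (assumed size): nbytes from the OS CSPRNG, URL-safe encoded."""
    return secrets.token_urlsafe(nbytes)


def keyspace_bits(distinct_values):
    """Entropy in bits of one token drawn uniformly from the keyspace."""
    return math.log2(distinct_values)


def collision_probability(issued, distinct_values):
    """Birthday-bound estimate that `issued` uniform tokens contain a repeat."""
    return 1.0 - math.exp(-issued * (issued - 1) / (2.0 * distinct_values))


def count_repeats(generator, issued):
    """Issue `issued` tokens and count how many duplicate an earlier one."""
    seen = set()
    repeats = 0
    for _ in range(issued):
        token = generator()
        if token in seen:
            repeats += 1
        seen.add(token)
    return repeats


def tokens_match(presented, expected):
    """Constant-time comparison for validating a presented token."""
    return hmac.compare_digest(presented.encode(), expected.encode())


if __name__ == "__main__":
    print("weak keyspace bits:", round(keyspace_bits(100001), 1))
    print("P(repeat in 1000 weak tokens):", round(collision_probability(1000, 100001), 4))
    print("repeats in 5000 weak tokens:", count_repeats(random_string_weak, 5000))
    print("repeats in 5000 strong tokens:", count_repeats(random_string_strong, 5000))
```
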
Oh wow, thanks for the quick reply. I searched for nextcloud audit but haven't found the reports, just docs about the "monitoring and audit" and the "security scan" feature. (I still can't, but maybe that's because these audits/reports are not public, I don't doubt your word.)
In my experience I've not found software developed by engineers based in China to be developed with any particular care. It is very common to see trivial backdoors, massive amounts of data collection, and plaintext protocols. For situations where the developer is being security conscious, the language barrier often means that reports of concerns are either ignored or misinterpreted.
It is often the case that software developed outside of China for devices produced in China is alright, but on the other hand many companies like Honeywell simply contract all of their software development there as well, and it painfully shows. I shouldn't be able to buy a product in 2020 that has a Linux kernel from 2012 and multiple remote code execution vulnerabilities just from public CVEs, but the Honeywell Tuxedo security system managed it with ease.
I have experience of similar software quality issues; however, none of this is unique to China, North America, Europe, India, China. My question was specifically related to the hardware most people run, which is often fabbed in China, given most people take it for granted that this is "safe".
The hardware is obviously suspect as well, but I can only speak for the number of actual backdoors I've been able to find in my own devices. Root shells on random sockets, "accidental" eval() in web UI elements, hardcoded passwords, actual processes just called `backdoor`. I especially liked being able to remove the IPMI password from a SuperMicro board I bought from eBay by making an HTTP request to a "buggy" endpoint that printed the root password back in plaintext.
It's always about trade-offs. For our use-case, I trust it well enough to prefer it over something cloud-hosted in another country. But I don't doubt that Seafile contains security holes and I wouldn't be surprised if there were backdoors. But I assume that for quite a lot of the gear I manage, so... :)