Sshfs 3.7.4 Released
github.comFrom the Readme[1], which probably should have been linked instead of the release directly, this is a fork. Given that there's no atrribution and few other projects in the org, I'd be wary of calling it "sshfs" without huge qualification
[1] https://github.com/deadbeefsociety/sshfs/tree/sshfs-3.7.4#th...
What's the problem? Libfuse stopped maintaining it officially, and this new maintainer stepped up and continues. That's enough qualification.
It's the same supply chain provenance question that's completely ignored all over our industry - Who made this? How do we know they're trustworthy?
I'm not saying they're not - My initial review of the contributors and contributions seems fine. There's some paper trail and evidence these people are qualified. The negative, and the only reason I mention it - This posting is not upfront that it's a fork. To be trustworthy you need to be upfront about things that affect the chain of trust, like maintainer changes or forks. The README is clear about it. That's points for it. The Release is not. That's points against, though a small quantity, because it's likely that the team expected you to be coming to the release from the Readme. This posting, though, is by one of the contributors, and points directly at the release and has a title that doesn't mention the fork. It's likely just enthusiastic oversight, but that's why I mention it; As much as a reminder to do better as a warning.