Doesn't that apply to every project hosted in America, too, though? Every project is subject to the jurisdiction in which it is hosted. And I know they're not the only project that accepts error reports and in-app updates. Unless there is more telemetry involved or tracking of out-of-app activity, I'm not seeing cause for alarm here. Though I'm open to evidence that there is.
From what I've seen on their site since is that they're saying they are now GDPR compliant. And I suppose, since they are still open source, that anyone finding anything seriously malicious would have pointed it out by now. Maybe just a bit of bad press and people jumping to conclusions because "Russia bad."
I do still plan to check out Tenacity though and see if it's a better project.
As someone who contributes to FOSS projects, I think you put too much trust in the ability of the community to police such things. There simply aren't enough people reviewing project code to ensure it's safety and compliance if a maintainer or team decide to follow bad local laws or act explicitly in a malicious way. Some things get caught but I'm sure there are things thst slip through.
Yeah, it’s actually a major issue with FOSS in general. It’s essentially the bystander effect in code review; When everybody is reviewing the code, nobody is.