
While Seafile seems to work, the developers have been kinda sloppy both with licensing[1] and security[2]. The answers on both issues really make me question their integrity and ability to deliver a secure piece of software.

[1] https://github.com/haiwen/seafile/issues/666

[2] https://github.com/haiwen/seafile/issues/350



OwnCloud actually has security issues similar to what you cited in the second link. Their security track record isn't spectacular either.

https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-in-t...


I'd like to point you to https://statuscode.ch/2015/09/ownCloud-security-development-... and make you aware of https://seacloud.cc/group/3/wiki/security-records.md and you should probably consider who reported the last critical vulnerability.

Only because a project is serious about actually publishing vulnerability data does not make it necessarily more insecure (or secure).


I agree. Just pointing out that the specific problem the above poster mentioned as a reason to choose OwnCloud also is similarly true of OwnCloud.

https://blog.hboeck.de/archives/880-Pwncloud-bad-crypto-in-t...


The impact is a different one though. In the scenario pointed out by Hanno, somebody needs to have access to the storage, which already requires some kind of previously gained access. What could be done by an attacker then is to infect EXE files or so.

In the case of Seafile one could simply change passwords of any user etc.

But yes, crypto is hard and I agree that the way we did it at ownCloud is far away from the best way. :-)


I hope there can be an updateable packet in Debian again with this fork.



