When researching OnlyOffice a bit, Google point me to a question - Is OnlyOffice Russian? Their website claim they are Latvian so that question surprise me.

I find a discussion at Cryptpad forum: https://forum.cryptpad.org/d/232-onlyoffice-concerns-vendor-makes-shady-moves
But also dedicated website: https://eviloffice.tutdomen.com/

And there is more. Licensing problems: https://opensource.stackexchange.com/questions/9481/is-onlyoffice-restricting-our-freedom-with-their-faq-agpl-v3 (is not really open source?) and mobile clients going proprietary: https://www.reddit.com/r/NextCloud/comments/fktqug/onlyoffice_fcked_us/

I know we want keep politics out of software, but it also be nice if Russia keep tanks out of Ukraine... So I have reasons not to trust.

Do you think this is structural risk? There are hackers try to get backdoors in open source tools. Here we have company that has to do what Russian government want. Many of their employees are seem to be in Russia.

I do not feel comfortable installing Russian backdoor on my server.

I know they are 'open source', but it not mean much when they do not have any outside contributors - it means nobody actually looks at code. Everyone here care about security and privacy so I ask, what do you think about this?