Endlich mal ein statement von moxie zum Thema #signal Server sourcecode:
Comment #815400676 in issue 11101 at signalapp/Signal-Android
￼ moxie0 commented Apr 8, 2021
First off, sorry the source for one of our services was so far behind. We often don't push source until we release things, and there were a few overlapping releases that happened in that period which made it awkward to push at any moment and put us behind. Additionally, we've seen a large increase in spam, and a reluctance to immediately publish the exact anti-spam measures we were responding with to a place - 1/3
where spammers could immediately see them combined with the above to cause this extreme delay.
As folks in this thread have noted, our client source is always published with each release, the builds are reproducible, and everything is designed not to trust the server anyway. To be very clear for the few tinfoil hatters here (the internet just wouldn't be the same without you at this point, thank you for your service), we are not under any "gag order," there is no @jedie - 2/3
NSL, and the whole point is that there's no "malware" we could install on the server.
Even if it's of no security consequence, we get why server source is useful for people who want to run their own versions of Signal, understand how Signal works, and just generally see how things are built. We'll do a better job of pushing changes in more real time.
We try not to use GH issues for discussion, so I'm going to close this now, but hit us up on the forums. @jedie - 3/3
Anti-Spam-Methoden, die geheim bleiben müssen?
Security Through Obscurity ist eine Schnapsidee und war schon immer eine.
Und sowas hat sich mal als Sicherheitsexperte verkauft.
chaos.social – a Fediverse instance for & by the Chaos community