Comments (5)
Where can we find the digital signatures? I could still not find any, do you upload this package somewhere else too?
from lurch.
I will not sign code I cannot vouch for. I'll reconsider this once OWS starts signing their code, which I have to include in my source archives.
from lurch.
What? You are the publisher. Signing only helps to verify that the code does not get modified between your, github and the end consumer. It does not give the user any warrenty, unless your license does, which is not the case. So why not help improving the security of the packaging of your security? You are a wise man, you implemented omemo for pidgin, please rethink your decision. Thanks.
from lurch.
This plugin is just glue code, the main work is done in the submodules, which include libsignal-protocol-c that does most of the crypto. As long as not all the parts are signed, especially the most critical part, I think this is worthless and I'm not willing to deal with PGP for that.
Even if I just sign the resulting tarball (which as I said has to include libsignal-protocol-c), because OWS doesn't employ signatures I have no guarantee that it wasn't modified on the way to my computer (as you said yourself), so I don't want to mislead the users of this plugin.
from lurch.
Imagine someone else wants to include this project in another project. But he will refuse to sign his project, because your project was also not signed. Then nobody would sign any code. Your choice.
And beside this it is also a shame that the signal guys dont sign their code. Even more important than this pidgin addon.
from lurch.
Related Issues (20)
- Name changing request HOT 1
- cannot send omemo encrypted messages with portable edition of pidgin ... HOT 14
- [0.7.0] Makefile pulls indirect dependencies (from libomemo and libaxc) into lurch without need to? HOT 7
- Licensed under "GPL 3 (and just that)" or "GPL 3 or later"? HOT 9
- Custom smileys are broken in OMEMO-enabled chat HOT 1
- Request for v0.7.0 Windows DLLs HOT 15
- Issue to Install in Puppy Linux HOT 5
- I can't seem to read other people's devicelists HOT 2
- XML parser error for JabberStream 0343AFD0: Domain 3, code 100, level 1: xmlns: URI eu.siacs.conversations.axolotl is not absolute HOT 5
- Received omemo message that does not contain a key for this device HOT 21
- outdated documentation? HOT 1
- Having lurch enabled in pidgin causes connections to reset HOT 4
- Messages cannot send with lurch HOT 4
- lurch no longer showing up in pidgin plugin list? Pidgin 2.14.9 HOT 9
- It doesn't work for a FIPS cryptographic policies HOT 1
- [Documentation]Add Gentoo installation guide to README.md HOT 1
- Why not compile statically for easier distribution? HOT 2
- Crash when starting conversation with a new buddy in Pidgin HOT 1
- Feature: Add a shield in head of conversation tab to show End-To-End is OMEMO encrypted
- Plugin is not on the list of plugins HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lurch.