Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
aftbit
on Feb 4, 2021
|
parent
|
context
|
favorite
| on:
Help users in Iran reconnect to Signal
They have completely disabled issues on that repository. Wow I used to really like Signal...
kelnos
on Feb 4, 2021
[–]
And it seems they've fixed the issue, without any kind of public comment.... still not great:
https://github.com/signalapp/Signal-TLS-Proxy/commit/39a97da...
kdunglas
on Feb 4, 2021
|
parent
[–]
I (partially) fixed this issue, and I'm not affiliated in any way with Signal. It's public (
https://github.com/signalapp/Signal-TLS-Proxy/pull/2
), and it looks like they welcome contributions, because they merged mine.
cryo
on Feb 5, 2021
|
root
|
parent
|
next
[–]
Wouldn't it be saner to also verify the downloaded archive hash? It looks like the domain resolving of nginx.org is trusted without doubt.
kdunglas
on Feb 5, 2021
|
root
|
parent
|
next
[–]
Sure! I also opened another PR to check the archive signature:
https://github.com/signalapp/Signal-TLS-Proxy/pull/10
gspr
on Feb 5, 2021
|
root
|
parent
|
prev
[–]
Sorry for not noticing your PR before filing the bug.
I still find the way they (partially) dealt with this a bit worrisome.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
