The last contribution to #Signal's server software was on April 22, 2020. Due to the sudden commit drop to literally 0 it is no longer possible to seriously call current Signal versions fully open-source.

That has no effect on the messenger's end-to-end encryption or its overall security but it does compromise the trust in the Signal Foundation, especially when considering that they did not give any reason for not disclosing the source code.

🔗 github.com/signalapp/Signal-Se

The German tech magazine Golem shares my opinion:

"Signal-Server nicht mehr Open Source"

("Signal's server not open-source anymore")

🔗 golem.de/news/crypto-messenger

The situation regarding #Signal's source code which hasn't been updated for about a year gets weirder and weirder:

When you open its commit history on 🔗 github.com/signalapp/Signal-Se, #GitHub now displays tons and tons of commits from the last months that fill the gap.

Is it possible that Signal has suddenly disclosed all the server updates to the public? Maybe due to criticism?

@datenschutzratgeber they used commits but they didn‘t pushed them. That’s why it looks like that. Seems not very uncommon to me. They did not push, because they developed a new payment feature. Doesn’t seem weird to me. I would have done the same, to not give governments the chance to cancel the project before it’s ready.

Follow

@Lu @datenschutzratgeber

Good explanation, they could also work on this payment feature in a separate branch and only push the master to GH to show the project was still alive.

Sign in to participate in the conversation
mastodon.cloud

Everyone is welcome as long as you follow our code of conduct! Thank you. Mastodon.cloud is maintained by Sujitech, LLC.