[ad_1]
Signal has always been advertised as the Security-conscious alternative to WhatsApp and Co. due to its open-source nature, but the non-profit organization behind the chat app has not always lived up to its original open-source promises. Although it regularly releases code for its client applications, Signal failed to update the Github repository for its server for almost a year, as reported by the German publication Golem – albeit earlier in the release. day, the company released an update with a newer version.
The repository was full of complaints from the open-source community asking why Signal is no longer releasing changes to its server code, and prior to this most recent version, the last code released was as of April 20, 2020. An entry on the topic is open since March 13. Golem also reached out to Signal for comment, but he also hasn’t received a response. The topic was already discussed on Hacker News about a month ago, again without explanation from the company.
While communication is guaranteed to be secure due to the end-to-end encryption implemented in open-source client applications and the Signal protocol, a closed server application prevents forks and prevents anyone from auditing the most recent version of the version or build their own up-to-date Signal servers. For an open source project, this has far-reaching consequences – others can’t build their own separate platforms using the code if they’re not happy with the direction Signal is taking. Recent actions like this inability to release recent source code could precisely be the kind of reason someone would want to fork in the first place.
Meanwhile, the company’s website still boasts a quote from Twitter CEO Jack Dorsey endorsing the service because it’s open-source and peer-reviewed, saying it’s “a role model. refreshing for how critical services should be built. ” Having open-source clients is always great and way better than anything Facebook has to offer, and it’s worth pointing out that Signal clients and its protocol are publicly accessible. Still, the nearly a year delay in releasing the server’s source code and the radio silence over the delay is agonizing, especially if you rely on online security and anonymity.
Earlier today, Signal started posting a newer version of its server code on Github, and version 5.4.8 is out now, and while that fixes the immediate problem, an explanation for the rather long delay between releases. is still not coming. we can see.
The secret might have something to do with the new payments feature announced earlier today, and an effort to keep that hidden while it was in development, but the lack of communication regarding the delay between releases is still problematic. the best.
The updated version is now available on Github
Although Signal never responded to our queries, the company eventually offered a newer version of the Signal Server code on Github. (Thanks to everyone who let us know, since Signal didn’t.)
Our coverage has been updated.
An earlier version of the story indicated that the updated version of Github happened after our coverage hiked, but it could have happened around the same time or just a little before. We regret the error.
[ad_2]
Source link