Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You can validate the code running on the client (well, not on iOS, but that's true for all iOS apps unless you've jailbroken your phone).

If Signal works well, you shouldn't need to validate what code is running on the server in the first place.



With Signal, you can't really validate the code running on the client. Signal insists on distributing only via Google Play Store or Apple App Store, so usually updates are automatic and uncontrolled by you. And Signal has a history of not releasing timely updates of their client code, so even if you would do your own builds or compare their released code to their public updates, you would have at least a few weeks latency. And I doubt anyone would notice, since the Signal people tried hard to piss off everyone who did reproducible builds of their code.


Signal insists on distributing only via Google Play Store or Apple App Store

on the signal.org website, there is a direct download link right below the google play button.

it's still just a binary, but you can control updates. incidentally i just did an update this way.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: