If I understand, Skype traditionally turns over all messaging content to any authority figure who asks, no? If they improved the crpyto great, but they cannot be trusted, so auditing their code sounds challenging and might yield only temporary results.
Signal matters of course. On Mon, 2017-11-13 at 12:32 +0100, Nadim Kobeissi wrote: > This is unsustainable. Rewrite it in Rust! Rust Evangelism Strikeforce, Yey! I'm actually not joking: Electron must contain the usual 0-day herd, via Chromium, etc. Mozilla's Servo project otoh provides a largely memory safe browser engine, with greater attention paid to security throughout, although they never rewrote SpiderMonkey. If you want to write a secure Electron app, then maybe your first step should figure out if you could do it under Servo plus whatever instead. In fact, Mozilla has done exactly this before since their Browser.html experiment runs under Servo, Gecko, and Chromium: https://github.com/browserhtml/browserhtml Also, I suspect the Servo team will be happier to consider issues you raise and take your patches than Google or GitHub. Jeff p.s. More links: https://www.reddit.com/r/firefox/comments/4dv2z2/project_tofino_a_electron_based_browser/?st=j9yecfmq&sh=1803d1bf
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Messaging mailing list Messaging@moderncrypto.org https://moderncrypto.org/mailman/listinfo/messaging
