Why are reproducible builds only on one platform (Android)? Desktop version could have a built-in backdoor and data would be transferred not from the phone, but from the PC)

  • Steamymoomilk@sh.itjust.worksEnglish
    524·
    1 year ago

    Signal doesn’t trust messages server side. And the official flatpak made by the signal foundation are verified. So as long as you use the flatpak its safe.

    • carnha@lemm.eeEnglish
      31·
      1 year ago

      Just a note that the flatpak is not made by the Signal Foundation, it is maintained unofficially by the community. See the last sentence on the app description on Flathub:

      This flatpak is maintained by the Flathub community, and is not necessarily endorsed or officially maintained by the upstream developers.

      There’s a discussion about the community flatpak’s trustworthiness on their repo here and here, a feature request for the Signal Foundation to have an official release here, but for now the only official Linux release of Signal is for Debian-based distributions.

      • Steamymoomilk@sh.itjust.worksEnglish
        1·
        1 year ago

        Fair point but why does signal have a position available for signal desktop on there web page? That’s rather odd to have it community maintained.

    • olsonexi@lemmy.wtf
      19·
      1 year ago

      Signal doesn’t trust messages server side.

      What does this have to do with their ability to support reproducible builds?