zlacker

[return to "Signal Server code on GitHub is up to date again"]
1. red_tr+G1[view] [source] 2021-04-07 15:08:20
>>domano+(OP)
Is there any mechanism to validate that the code running on Signal's servers is the same as on Github?
◧◩
2. mikece+E2[view] [source] 2021-04-07 15:13:22
>>red_tr+G1
Seems there should be an API endpoint, similar to a health check endpoint, that allows one to validate that the code on the server matches what's in GitHub. How exactly that would work is beyond me since I'm not a cryptographer but seems like an easy way to let developers/auditors/the curious check to see that the code on the server and GitHub match.
◧◩◪
3. monoca+63[view] [source] 2021-04-07 15:15:11
>>mikece+E2 

   validate_endpoint() {
     return hash_against_other_file_not_exe();
   }
[go to top]