zlacker

[return to "Signal Server code on GitHub is up to date again"]
1. red_tr+G1[view] [source] 2021-04-07 15:08:20
>>domano+(OP)
Is there any mechanism to validate that the code running on Signal's servers is the same as on Github?
◧◩
2. Someon+f2[view] [source] 2021-04-07 15:10:49
>>red_tr+G1
How would that work? You'd be layering trust on trust, wherein if they're willing to lie about one thing they're willing to lie about confirmation of that same thing (or not).

Unless you're going to hire some independent auditor (that you still have to trust) it seems logically problematic.

◧◩◪
3. madars+K2[view] [source] 2021-04-07 15:13:49
>>Someon+f2
SGX enclaves can attest to the code they are running, so you don't exactly need to take Signal's word on faith.
◧◩◪◨
4. eptcyk+R3[view] [source] 2021-04-07 15:18:31
>>madars+K2
Except SGX enclaves are horribly broken.
[go to top]