[Cryptography] any reviews of flowcrypt PGP for gmail?
Phillip Hallam-Baker
phill at hallambaker.com
Tue Aug 25 23:31:27 EDT 2020
On Tue, Aug 25, 2020 at 8:02 AM Stephan Neuhaus <stephan.neuhaus at zhaw.ch>
wrote:
> On 8/24/20 6:38 PM, Phillip Hallam-Baker wrote:
> > Telegram and Signal have the same issue with the possibility of
> downloading
> > a poisoned update. Signal in particular demands weekly updates.
>
> And if it doesn't get them (for example if, like me, you don't have a
> Google account and compile Signal from source[1]), it will run for about
> a month (I didn't check the exact period). And then it will count down
> about 10 days before it gives up the ghost. So the "demands weekly"
> update is in fact more of a "must-have monthly" update.
>
> I have sympathy for the Signal developers. If there is a flaw in the
> software, they need to push updates, and push them fast. On the other
> hand, this makes it possible, under certain circumstances, to quickly
> push poisoned updates to targeted users. There is no good middle ground
> if you don't want to market yourself as a niche product. You're screwed
> either way.
>
I don't see additional functionality between updates. If they are having to
make updates that frequently just to patch security holes, something is
wrong.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.metzdowd.com/pipermail/cryptography/attachments/20200825/4ea21e4d/attachment.htm>
More information about the cryptography
mailing list