this post was submitted on 06 Jul 2024
107 points (100.0% liked)

Free and Open Source Software

17957 readers
156 users here now

If it's free and open source and it's also software, it can be discussed here. Subcommunity of Technology.


This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago
MODERATORS
 

As mentioned in the comments, plain text keys aren't bad because they are necessary. You have to have at least one plain text key in order to be able to use encryption

you are viewing a single comment's thread
view the rest of the comments
[–] Haui@discuss.tchncs.de 19 points 4 months ago* (last edited 4 months ago) (1 children)

Its not a surprise but it has not really received a lot of attention since people have reported it.

https://github.com/signalapp/Signal-Desktop/issues/5751

Also signal as a service is not really open source because it is not selfhostable. The server backend is proprietary afaik.

[–] jet@hackertalks.com 15 points 4 months ago (1 children)

The back end is open source, but sometimes they've lagged years behind releasing the source code. Other developers have stood up copies of the signal network. Session, for example.

You can self host your own signal, but it's not federated, so you'd have nobody to talk to

[–] Haui@discuss.tchncs.de 5 points 4 months ago (1 children)
[–] jet@hackertalks.com 11 points 4 months ago* (last edited 4 months ago) (2 children)

It's absolutely FOSS. It is not, however federated. But that is not a requirement to be free and open source software

Think of it like this, Linux is free and open source software, even if I don't give you a shell on my computer.

You can use the code, however you want, in any project you want.

[–] furikuri@programming.dev 3 points 4 months ago* (last edited 3 months ago) (1 children)

The back end is open source, but sometimes they've lagged years behind releasing the source code.

I think this is the more worrying part if true. The backend is licensed under the AGPL, so this would technically be a ~~violation~~ of their terms

  1. Remote Network Interaction; Use with the GNU General Public License.

Notwithstanding any other provision of this License, if you modify the Program, your modified version must prominently offer all users interacting with it remotely through a computer network (if your version supports such interaction) an opportunity to receive the Corresponding Source of your version by providing access to the Corresponding Source from a network server at no charge, through some standard or customary means of facilitating copying of software

Edit: For anyone else reading I looked into it a bit more and looks like the issue came to a head around 3 years ago, with this comment being made after a year of missing source code. The public repo has been pretty active since then, so the issue seems to be resolved

[–] hedgehog@ttrpg.network 1 points 4 months ago (1 children)

It isn’t, because their business practices violate the four FOSS essential freedoms:

  1. The freedom to run the program for any purpose
  2. The freedom to study and modify the program
  3. The freedom to redistribute copies of the original or modified program
  4. The freedom to distribute modified versions of the program

Specifically, freedom 4 is violated, because you are not permitted to distribute a modified version of the program that connects to the Signal servers (even if all your modified version does is to remove Google Play Services or something similar).

[–] jet@hackertalks.com 4 points 4 months ago

Molly.im

The license does not prevent number four from happening, they just ask people not to do it