Hacker Neue

Preferences
Spunkie parent
It sounds good in theory but signal updates are beyond excessive, sometimes multiple times a day but almost certainly every few days.

Most of the time there is zero explanation for the update. They are just training their users to auto accept updates with no thought about why, which in itself is a security risk.

If signal really is pushing these updates for "security" then it must be one of the most insecure apps ever built. I legitimately can't think of another app or program that updates more frequently... Maybe youtube-dl?

godelski 

  > It sounds good in theory but signal updates are beyond excessive
Those are two different arguments.

Updating too frequently is not equivalent to "doesn't need to be updated." I can agree that they update a bit too frequently but that's nowhere near the argument about never updating.

A program cannot be secure if it does not update. Full stop.

  > Most of the time there is zero explanation for the update
There's always a changelog.

If you, unlike most people, are interested it is all open source

  https://github.com/signalapp
  https://github.com/signalapp/libsignal/releases
  https://github.com/signalapp/Signal-Android/releases
  https://github.com/signalapp/Signal-iOS/releases
  https://github.com/signalapp/Signal-Desktop/releases
I would suggest looking at the actual commits and not just the release notes. Libsignal usually has more info about the security

  >  legitimately can't think of another app or program that updates more frequently
Probably because they do so silently.
majkinetor
That change log for android sucks - the same content for 20 releases or so...
nebulous1
You'll need to trawl through the actual commits it appears: https://github.com/signalapp/Signal-Android/commits/main/
godelski
Yes BUT I ALSO SAID

  >> I would suggest looking at the actual commits and not just the release notes

This item has no comments currently.