- cross-posted to:
- cybersecurity@sh.itjust.works
- cross-posted to:
- cybersecurity@sh.itjust.works
As mentioned in the comments, plain text keys aren’t bad because they are necessary. You have to have at least one plain text key in order to be able to use encryption
So effectively its not FOSS.
It’s absolutely FOSS. It is not, however federated. But that is not a requirement to be free and open source software
Think of it like this, Linux is free and open source software, even if I don’t give you a shell on my computer.
You can use the code, however you want, in any project you want.
I think this is the more worrying part if true. The backend is licensed under the AGPL, so this would technically be a
violationof their termsEdit: For anyone else reading I looked into it a bit more and looks like the issue came to a head around 3 years ago, with this comment being made after a year of missing source code. The public repo has been pretty active since then, so the issue seems to be resolved
[This comment has been deleted by an automated system]
It isn’t, because their business practices violate the four FOSS essential freedoms:
Specifically, freedom 4 is violated, because you are not permitted to distribute a modified version of the program that connects to the Signal servers (even if all your modified version does is to remove Google Play Services or something similar).
Molly.im
The license does not prevent number four from happening, they just ask people not to do it