nostr:npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m curious on your thoughts about this


Discussion

It’s open-source code where you can verify what you’re using, so I don’t think it really matters.

Who’s going to verify it though? Do you really trust those ppl have good intentions?

Trail of Bits completed a full code audit last year. Malicious or just poor code can still get added in after that, but one would hope that security focussed maintainers would have their eye on this sort of thing.

I was just reading about a few different cases where crypto projects got audited and they still got hacked.

It's impossible to guarantee security. It's possible that the audits were shoddy, that the devs added malicious code intentionally or unintentionally post audit or that there was just some new exploit.

Ultimately the money invested from the glowing sources paid for a fairly reputable firm to audit the code but secure comms is always going to be a target.

Of all ppl that could’ve invested, those are some of the most sus possible. Maybe they’re just being good guys but come on lol.

XMPP is open source code, with open standards and many implementations... And a decades-long track record