deeplow

Results 493 comments of deeplow

Some issues related to docker image reproducibility are highlighted here: https://docs.dasharo.com/osf-trolling-list/build_process/#how-to-use-flashrom-to-backup-vendor-bios

Some good insights shared by @kernelmethod on the issue https://github.com/freedomofpress/dangerzone/issues/227:

> > From my understanding in fedora-based systems apparmor isn't present. Instead, they have SELinux, which adds an extra component...

TIL that this is sometimes called Pixel Tests (see this in [PDFium](https://pdfium.googlesource.com/pdfium/+/refs/heads/main#pixel-tests)).

According to the security audit report (yet to be published), in order to distribute on the macOS App Store we must first add the `com.apple.security.app-sandbox` entitlement ([related issue](https://github.com/freedomofpress/dangerzone/issues/638)).

> On Linux, we can rest assured that tmpfs mounts will work, so the discussion does not apply there.

This is not so clear-cut. As we saw, Ubuntu didn't have...

> That's because we currently don't use any of the --tmpfs / --mount type=tmpfs options. My understanding is that once we pass one of these flags, it will work. I...

Thanks for starting this discussion and for your inputs @rocodes. I rephrased the title a little to make it a bit more actionable and concrete as it took me some...

For the next release in particular, one of the goals (if we manage to make it stable enough) is to implement a simplified version of Nina's plan (detailed above): -...

When adding the multi-document support I have decided to add something that wasn't on the design spec: an "are you sure you want to exit" prompt: ![prompt-user](https://user-images.githubusercontent.com/47065258/196140097-dec9f4a7-f47e-4c71-94b2-cdb892e85f16.png)

### Communicating Risk to the User

Anything extra that we add that visually processes any of the content of the untrusted file is a risk. This includes compressing it and...