deeplow
deeplow
The current way that the code detects if we're running in debug mode is not ideal: ```python getattr(sys, "dangerzone_dev", False): ``` It hijacks the `sys` module to add something unrelated....
Currently converting documents in bulk on Qubes is slow. One document opens in one disposable qube. This means that more often than not **the overhead of VM startup is higher...
We're using the build tool wix 3.11 which has not been replaced by wix 4 for a while.
Even though we are shipping updates when critical vulnerabilities are found in the container image, the user may be running an outdated Docker Desktop version, which in the worst-case scenario...
A feature that has been clearly missed and has now surfaced again through user testing during the [International Journalism Conference](https://freedom.press/meet-us-at-ijf-2023). This is a sub-issue of https://github.com/freedomofpress/dangerzone/issues/117 ### Notes / Evidence...
We've done [this](https://github.com/freedomofpress/dangerzone/pull/305) in the past, but according to the auditors, we can further slim down the image (and thus removing potential attacker gadgets). They found `nc` and `wget but...
Historically on the containers version of Dangerzone the conversion happens on a second container. This was needed since Dangerzone relied on many linux-native programs for conversion such as GraphicsMagic, ghostscript...
The [`install_container()`](https://github.com/freedomofpress/dangerzone/blob/7bac3eb6b16c3ac2a2529105e2fa28f2bab3f7c3/dangerzone/global_common.py#L450) method returns false when it fails but none of its calls check the return value. This should also be passed on to the user interface so the user...
Custom macros in documents are a common attack vector. This is currently NOT a security issue Dangerzone faces since in its default config [LibreOffice in alpine does disable untrusted macros](https://github.com/freedomofpress/dangerzone/pull/378)...
Suggestion to create a version of Dangerzone that does not need to be installed. If this is ever going to be a reality on windows or macOS we'll have to...