giulio

Results 26 comments of giulio

I think that although we might consider Tor Browser for Android as trustworthy as the desktop one, the same cannot be said for the overall environment. Most Android phones will...

Implemented most required changes, tests still in progress, thanks for the help!

> The second is because open_session() is defined in the parent as returning nothing, so we should get...

As for https://github.com/freedomofpress/securedrop/issues/204 that issue is strictly related to the source interface which is unaffected by the changes here. Although technically the same problem existed in the journalist interface, the...

Test plan moved to the top comment.

> > Tested session expiry using `redis-cli {keys|get|ttl|expire}`. There are a couple of issues with session lifetimes:
> >
> > * sessions persist across server reboots, as there's nothing stopping the...

Just flagging that depending on the Qubes team preferences and choices, we could also ask to ship our repository by default but keep it disabled, and then ask users to...

Depending on whether exporting also involves archiving/unarchiving files with arbitrary or controllable names, I tend to agree that the attack surface of a copy operation, given that the copy operation is...

I gave up with the porting efforts and ended up writing a minimal client implementation that has no dependencies and is browser-native [here](https://github.com/freedomofpress/webcat/blob/main/extension/src/sigstore/tuf.ts). Though for long term sustainability, it would...

> Oooooh that's pretty nice! Any chance you publish it as a npm package for node usage?

I would like to, and the development led to [some discoveries](https://github.com/sigstore/root-signing/issues?q=is%3Aissue%20state%3Aclosed%20author%3Alsd-cat). There's...

While we appreciate the interest and the offer for contribution, I do not think we can prioritize this type of mitigation strategy anytime soon. The whole purpose of the DZ...