rugk

Yeah, I also was made aware of that proprietary dependency, though, as people have noted, they can certainly get rid of many – which would be very useful in general,...

BTW another cross-link. **Reproducible builds** were previously discussed in https://github.com/corona-warn-app/cwa-backlog/issues/21 and https://github.com/corona-warn-app/cwa-backlog/issues/21. The community (namely @gutjuri, credits to them) even already did some initial work in form of a Docker...

As [it has also been said in a related issue](https://github.com/corona-warn-app/cwa-wishlist/issues/275#issuecomment-732026949), is there any information about the status of this – very popular – feature request? @svengabr, you are assigned and...

Hu? :astonished: What does this bot do? Move everything to "ToDo" when someone comments? :sweat_smile:

That's great and interesting, but not really a security audit from an external company...

FYI the BSI responded to some FOI („freedome of information”, IFG - Informationsfreiheitsgesetz) request and thus published some audits: https://fragdenstaat.de/anfrage/dokumente-zu-sicherheitsaudits-der-corona-warn-app/#nachricht-590020 [Dokumente_geschwrzt.zip](https://github.com/corona-warn-app/cwa-documentation/files/6710007/Dokumente_geschwrzt.zip)

This is funny, because they actually did publish some of them in/via the FOI request above… :upside_down_face: I asked them _why_ they don't do this. :sweat_smile:

@Ein-Tim I already replied on Twitter but the TLDR is, as you also said: Of course do not publish unfixed/undisclosed vulnerabilities. As for fixed ones, however, there is – judging...

…SVG :smiley: (if you need a QR code generator that supports SVGs, I can suggest you some)

Any progress on an upstream integration of this little UI/UX feature?