-
Signal-Server
Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
Signal apps and server are all on GitHub and frequently updated, for what it's worth: https://github.com/signalapp/Signal-Server https://github.com/signalapp/Signal-iOS.
-
CodeRabbit
CodeRabbit: AI Code Reviews for Developers. Revolutionize your code reviews with AI. CodeRabbit offers PR summaries, code walkthroughs, 1-click suggestions, and AST-based analysis. Boost productivity and code quality across all major languages with each PR.
-
Signal apps and server are all on GitHub and frequently updated, for what it's worth: https://github.com/signalapp/Signal-Server https://github.com/signalapp/Signal-iOS.
-
> They distribute binaries on app platforms
They seem to support reproducible builds https://github.com/signalapp/Signal-Android/blob/main/reprod...
> and don’t allow third party compiled to connect
They don't want 3rd party clients to connect official servers, and do not support to them, but there is no outright ban.
-
> Yeah, but are there any official docs on that?
If they document it, it becomes a standard and people start to rely on it. Even if the documentation itself is merely to explain the how and why of the database's encryption.
> Last time I checked, they switched to SqlCipher as well, but with the password in an unencrypted file right next to the database file.
> What's the threat model of such an odd design choice?
The only thing that is more secure is to use Window's Credential Manager to store the key, which is what Bitwarden does [0].
But those credentials can also be easily dumped [1].
[0] https://github.com/bitwarden/clients/blob/89d7e96b25594e51a7...
[1] https://gist.github.com/micjabbour/654e67d29cbd62be3587b9f1d...
