Wow, this is an amazing example of how *not* to reply to security issues. @videolan https://twitter.com/11rcombs/status/1086531879178829824 …
-
Note that I don't think this is a real issue -- it seems like they're properly verifying signatures all the way through (assuming the hand rolled crypto works... ¯\_(ツ)_/¯). But I stand by the response being terrible.
-
Replying to @delroth_
By using http though they are still allowing people to eavesdrop and determine which version of VLC you are upgrading to. There really are no good reasons to keep using SSL connections even if only for privacy reasons.
-
You can always infer that anyway from host/port + the fact that VLC always updates to the latest version (AFAIK) + size analysis. It's still completely crazy to not just add TLS here, and really they should have done that years ago.