Well, regardless of exploitability, this attitude just destroyed any confidence I had in VLC's updater being secure. Seriously, WTF. https://trac.videolan.org/vlc/ticket/21737 …
Can you provide us with one good reason why you're exposing a pile of hand-rolled crypto and key parsing code to any random attacker, instead of using HTTPS like a sane person?
I’m not involved in the project but: if I understood the challenge correctly, the project is not massively funded and relies a lot on mirrors by third parties. Moving to HTTPS requires either no certificate pinning, or distributing the certificate to anyone who asks.
Now, it probably can be managed but it’s not fun and they have better things to do with their (limited) time and money unless the current approach was unexpectedly flawed. Am I getting it right @Serianox_?