David

2 months ago • •

David
2 months ago • •

I am disappointed that @matrix didn't publish any response to the Soatok post.

At least to provide some context about
- Why was an insecure crypto implementation knowingly chosen for libolm?
- Why was the fact that libolm is potentially insecure not clearly communicated?
- Why was the crypto implementation not replaced sooner?
- Why is the ecosystem so slow to start using the Rust rewrite?
- Does the foundation plan to do anything about that?

#matrix #libolm

This entry was edited (2 months ago)

in reply to David

The Matrix.org Foundation

in reply to David • 2 months ago • •

We will definitely be saying more about this as the dust settles. We believe responding in the heat of the moment to be counterproductive given the dynamics involved, and are also casting a wide net for further independent review so as to ensure we're not off base in our own assessment.

This entry was edited (2 months ago)

in reply to The Matrix.org Foundation

David

in reply to The Matrix.org Foundation • 2 months ago • •

Hi, sorry to poke you again, do you still plan on publishing a statement?

in reply to David

The Matrix.org Foundation

in reply to David • 2 months ago • •

yup, any minute. sorry it took a while.

⇧

David

David 2 months ago • •

The Matrix.org Foundation

David

The Matrix.org Foundation

David
2 months ago • •