26 votes

Signal's server repo hasn't been updated since April 2020

17 comments

  1. [7]
    vaddi
    (edited )
    Link
    I don't use or recommend signal because of stuff like this. They want to have the benefits of being (called) FOSS without enforcing FOSS practices around their code. That is why I'm hoping for the...

    I don't use or recommend signal because of stuff like this. They want to have the benefits of being (called) FOSS without enforcing FOSS practices around their code. That is why I'm hoping for the Matrix protocol to succeed. The original group behind Matrix are really bad at branding (Riot, Element, even Matrix, what is it with all this weird names? I don't get it and I've ranted about this before), but one thing that I believe they are doing correctly from a FOSS perspective is being transparent. They have weekly podcasts to inform about the status of the project, they have a blog, they have a specification, they allow for multiple front-ends to coexist (even though all of them suck at the time of writing), all of their repositories seem to be public and up to date, the head of New Vector can be found multiple times answering people on Hacker News. It is really unfortunate that matrix based chats are still too complicated for average people to use (I've also mentioned my concerns about this before and while progress has been made it is still nowhere near enough).

    19 votes
    1. HoolaBoola
      Link Parent
      They're simple, and sound kind of elegant (except maybe Riot, which they're trying to rid themselves of, I think) — at least in my opinion. Might be stupid and vague names, but perhaps they can...

      Riot, Element, even Matrix, what is it with all this weird names?

      They're simple, and sound kind of elegant (except maybe Riot, which they're trying to rid themselves of, I think) — at least in my opinion.

      Might be stupid and vague names, but perhaps they can capture the attention of someone who would otherwise not have thought of using the platform?

      2 votes
    2. [3]
      Comment deleted by author
      Link Parent
      1. [2]
        vaddi
        (edited )
        Link Parent
        FluffyChat is very pretty and has a better designed UI compared to Element, but it is very slow, when running on a browser it makes my laptop's fans work at maximum speed, loading old messages is...

        FluffyChat is very pretty and has a better designed UI compared to Element, but it is very slow, when running on a browser it makes my laptop's fans work at maximum speed, loading old messages is very slow, and scrolling any element of the UI feels extremely sluggish. I never tried SchildiChat.

        1. [2]
          Comment deleted by author
          Link Parent
          1. vaddi
            Link Parent
            Never tried the Andorid version, how is the battery consumption?

            Never tried the Andorid version, how is the battery consumption?

    3. [3]
      vaddi
      (edited )
      Link Parent
      @Deimos, the link to a comment in a deleted topic doesn't seem to be working, it takes me to the topic instead. Is this a bug? Sorry if I'm not supposed to ask about this stuff here as opposed to...

      @Deimos, the link to a comment in a deleted topic doesn't seem to be working, it takes me to the topic instead. Is this a bug?

      Sorry if I'm not supposed to ask about this stuff here as opposed to opening an issue on Gitlab.

      3 votes
      1. Deimos
        Link Parent
        Yeah, like the others mentioned—it's a problem with the comment being underneath a collapsed Noise comment. It's a problem I know about, and there are a few other similar ones as well. I think the...

        Yeah, like the others mentioned—it's a problem with the comment being underneath a collapsed Noise comment. It's a problem I know about, and there are a few other similar ones as well.

        I think the best fix for it will be changing so that links to comments go to a separate view that only shows the linked comments (and maybe some context), instead of just linking to a location on the normal comments page. That doesn't work well when combined with some of the other behaviors like collapsed comments.

        4 votes
      2. AugustusFerdinand
        Link Parent
        Doesn't have to do with the topic being deleted, has to do with the linked comment being beneath one that has been collapsed.

        Doesn't have to do with the topic being deleted, has to do with the linked comment being beneath one that has been collapsed.

        3 votes
  2. p4t44
    Link
    The silence from devs on this is concerning. If they announced this with some reasoning it would be understandable. But to do this without announcement or reason and to ignore questions really...

    The silence from devs on this is concerning. If they announced this with some reasoning it would be understandable. But to do this without announcement or reason and to ignore questions really undermines confidence in the app.

    10 votes
  3. [9]
    precise
    Link
    I'm a long time user of Signal and I've spent quite a bit of time and energy convincing my peers to join me on the platform was well. This issue is one of seemingly many that continue to give me...

    I'm a long time user of Signal and I've spent quite a bit of time and energy convincing my peers to join me on the platform was well. This issue is one of seemingly many that continue to give me pause about my continual use of the platform. More conversation on the issue:

    https://community.signalusers.org/t/where-is-new-signal-server-code-why-not-share-signal/15068
    https://libredd.it/r/signal/comments/lw5u2q/
    https://lemmy.ml/post/55595

    Thoughts? My position is that my continual use and promotion of Signal almost entirely hinges on Signal's response to this issue at this point. Finding another application that touts the feature set of Signal while being stupid simple and easy to migrate non-technical friends to will be tough, but I see little alternative.

    3 votes
    1. [8]
      AugustusFerdinand
      Link Parent
      Well since you asked... Thoughts are that the people behind Signal are humans, humans are fallible (forget to update, didn't notice their repo update failed, the dev responsible for the push is...

      Thoughts?

      Well since you asked...

      Thoughts are that the people behind Signal are humans, humans are fallible (forget to update, didn't notice their repo update failed, the dev responsible for the push is lazy/having personal issues that saps their will/memory/drive), they'll get the repo updated, and it's exceedingly unlikely that it's not updated due to anything inappropriate.

      I can't blame Signal for not actively communicating with the "FOSS community" as that takes time, money, and (as is apparent in all of your links) they tend to be extremely demanding, jump to conclusions, threaten to leave (as if their individual exodus due to a perceived slight from lack of direct response to them would magically collapse the project), and doing so has very little chance of being a net positive for the project at this stage. Individual communication on the myriad of platforms that this is being discussed (especially as each one seems to have "why aren't they talking to us here!" undertones) is an utter waste of time and while it is important to have seemingly constant feedback at the start of a project, the exponential increase in the number of users has had a similar increase in the number of people in the "FOSS community" that expect to be communicated with directly and believe their viewpoint to be valid, important, or even essential to the continued existence of the project.

      Simply put: Yes, the repo is outdated, but I have every reason to believe that they're just busy working on things other than making sure that a single repo has been updated as every single organization has things that slip through the cracks and are caught later.

      13 votes
      1. [7]
        vaddi
        Link Parent
        Honestly I think that compared to most FOSS projects, when it comes to money, Signal can't complain about not being able to do things due to the lack of resources as they got 50M from the Whatsapp...

        I can't blame Signal for not actively communicating with the "FOSS community" as that takes time, money,

        Honestly I think that compared to most FOSS projects, when it comes to money, Signal can't complain about not being able to do things due to the lack of resources as they got 50M from the Whatsapp founder some years ago. Moreover, from the moment they start accepting donations, with this:

        The team at Signal is committed to the mission of developing open source privacy technology that protects free expression and enables secure global communication.

        as the webpage's opening statement, they have the moral obligation to at least try and honor it.

        8 votes
        1. [6]
          AugustusFerdinand
          Link Parent
          Sure they can. The amount of money they have has no bearing on whether or not paying someone to deal with the community is a smart use of those resources. Have they not? Is the lack of a current...

          Honestly I think that compared to most FOSS projects, when it comes to money, Signal can't complain about not being able to do things due to the lack of resources as they got 50M from the Whatsapp founder some years ago.

          Sure they can. The amount of money they have has no bearing on whether or not paying someone to deal with the community is a smart use of those resources.

          as the webpage's opening statement, they have the moral obligation to at least try and honor it.

          Have they not? Is the lack of a current update to a single repo evidence that they haven't fulfilled the moral obligation to at least try and honor it?

          4 votes
          1. [5]
            vaddi
            Link Parent
            From my point of view, since other projects do it with less or even no money it is not a smart use of those resources. And the result is people starting to complain for not being able to...

            Sure they can. The amount of money they have has no bearing on whether or not paying someone to deal with the community is a smart use of those resources.

            From my point of view, since other projects do it with less or even no money it is not a smart use of those resources. And the result is people starting to complain for not being able to scrutinize the code.

            Have they not? Is the lack of a current update to a single repo evidence that they haven't fulfilled the moral obligation to at least try and honor it?

            That is downplaying it a bit. Server side code is the most important repository, since it is what tells you as a user of what they are keeping about you. We already have the ( as far as I know currently impossible to solve) issue of not being able to surely know which version of a piece of software is running on the other party's computer. Not having access to the most recent code being developed is total lack of transparency.

            3 votes
            1. [4]
              AugustusFerdinand
              Link Parent
              Which implies ill will and circles back to my point that based on the entire history of Signal good faith is the safest, and most likely correct, assumption.

              Not having access to the most recent code being developed is total lack of transparency.

              Which implies ill will and circles back to my point that based on the entire history of Signal good faith is the safest, and most likely correct, assumption.

              1 vote
              1. [3]
                vaddi
                Link Parent
                I didn't understand this last sentence, sorry. From which party do you mean "ill will"?

                I didn't understand this last sentence, sorry. From which party do you mean "ill will"?

                2 votes
                1. [2]
                  AugustusFerdinand
                  Link Parent
                  On Signal's part. Could be confusion on both our parts. I see "total lack of transparency" as a malicious act in regards to a FOSS project, so if Signal does have a lack of transparency on the...

                  On Signal's part.

                  Could be confusion on both our parts. I see "total lack of transparency" as a malicious act in regards to a FOSS project, so if Signal does have a lack of transparency on the code it has to be purposeful and therefore ill will. I don't believe it is on purpose and so I don't think it's a lack of transparency.

                  Not sure if that clears up my point or not, but let me know.

                  3 votes
                  1. vaddi
                    (edited )
                    Link Parent
                    Oh ok, I got it. But I don't agree as I don't think that it has to be one of those options. They could simply not care enough to bother and have the repository up to date. They might think that it...

                    Oh ok, I got it. But I don't agree as I don't think that it has to be one of those options. They could simply not care enough to bother and have the repository up to date. They might think that it doesn't benefit them directly so they don't do it. So it doesn't have to necessarily be malice or on purpose for some hidden reason.
                    However from the user's perspective transparency is one characteristic that you would expect from a institution that claims to be on the "users' side". In the end, there is always trust involved, but some actions make it easier or harder to trust.

                    Edit: changed "in the limit" to "in the end", turns out that the former makes no sense in English.

                    3 votes