Skip to content
This repository has been archived by the owner on Jun 24, 2022. It is now read-only.

Delist Ricochet #1135

Merged
merged 4 commits into from
Aug 14, 2019
Merged

Delist Ricochet #1135

merged 4 commits into from
Aug 14, 2019

Conversation

Mikaela
Copy link
Contributor

@Mikaela Mikaela commented Aug 11, 2019

Description

Resolves: #781

Ricochet's development appears to be stopped and in the linked issue I proposed replacing it with Cwtch where I understand the development to continue. However there @blacklight447-ptio said that it's not in usable state and proposed replacing it with Briar instead, which we list as worth mentioning, so I think Ricochet was forgotten.

How long is Ricochet going to stay secure if it's unmaintained? Are users going to follow the instructions to update Tor binary? Are users going to follow Tor's releases and keep the Tor binary up-to-date? I think keeping it listed is a disaster waiting to happen.

Also Tor is misspelled as TOR in our description which in my opinion looks bad and if we won't delist it, we should fix that. I don't know if the misspelling looks like a warning to stay away though, so maybe it can be positive.

@netlify
Copy link

netlify bot commented Aug 11, 2019

Deploy preview for privacytools-io ready!

Built with commit 953d8c3

https://deploy-preview-1135--privacytools-io.netlify.com

@netlify
Copy link

netlify bot commented Aug 11, 2019

Deploy preview for privacytools-io ready!

Built with commit db46562

https://deploy-preview-1135--privacytools-io.netlify.com

nitrohorse
nitrohorse previously approved these changes Aug 11, 2019
Copy link
Contributor

@nitrohorse nitrohorse left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jonaharagon
Copy link
Contributor

I was under the impression Ricochet was still safe if the Tor binary was updated. It also doesn’t appear to be completely dead, it looks like development is just more focused on the protocol than the actual client.

@nitrohorse
Copy link
Contributor

I was under the impression Ricochet was still safe if the Tor binary was updated. It also doesn’t appear to be completely dead, it looks like development is just more focused on the protocol than the actual client.

Based on the open issues and PRs it sure looks unmaintained. Hmm... some digging...

The reason I am reluctant to add anyone to the github team is because I know the issues that lurk in the codebase, and the amount of work required to fix them - rolling out a new legacy ricochet release with a new tor version won't fix those problems - a new release without those gives users a false sense of security.

If there truly is desire to revive the old ricochet, I would strongly encourage you to redo both the authentication protocol and the regex handling - both are currently a source of legacy issues, and known vulnerabilities - neither are trivial to fix but If there are secure PRs for those submitted I will try and find time to review & merge them.

If there really is willingness and effort to fund work /input energy into metadata resistant communications, I would ask you to deeply consider joining us to move Cwtch forward rather than investing effort into reviving the original Ricochet.

ricochet-im/ricochet#600 (comment)

In addition to Cwtch it looks like some of the community has moved to https://ricochetrefresh.net/.

jonaharagon
jonaharagon previously approved these changes Aug 13, 2019
blacklight447
blacklight447 previously approved these changes Aug 14, 2019
@jonaharagon jonaharagon dismissed stale reviews from blacklight447, nitrohorse, and themself via db46562 August 14, 2019 15:27
@jonaharagon jonaharagon merged commit a011c0a into privacytools:master Aug 14, 2019
@jonaharagon jonaharagon deleted the delist-ricochet branch August 14, 2019 15:28
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

🆕 Software Suggestion | Replace Ricochet with Cwtch?
4 participants