Garrett Robinson
Garrett Robinson
Note that SecureDrop is not compiled, it is a Python web application (at the moment, this may change somewhat for 1.0, but it probably still won't be natively compiled). What...
> Could this proposal be completely implemented through the use of gpg-signed git tags for releases? Possibly. We already do this (last release's [signed tag](https://github.com/freedomofpress/securedrop/releases/tag/0.2.1)). There are some compiled components...
> Say that in the future, we want people to be able to use SecureDrop by downloading a release as a .zip file instead of having to use git clone....
It seems like the goal is to be able to compare the software that goes into production with an publicly auditable copy (like this Github repo). So maybe what we...
> can we just use zip instead? Sure!
This is WIP by hackathon people.
Moving milestone to 0.4, this was not implemented for 0.3
If this is ever implemented, we should hide the recipients as suggested in #13. See https://github.com/freedomofpress/securedrop/issues/13#issuecomment-86202424 for context.
> However, this doesn't show up in pshtt at all, so there's no way to detect this kind of thing. True! There are also other redirect techniques beyond meta redirects...
I just discovered that the generic tags (`{% analytical_head_top %}`, etc.) work differently than the specific tags (e.g. `{% piwik %}`). Unlike the specific tags, which fail with an error...