Comment by Arathorn

3 years ago

This is categorically not true, as per https://matrix.org/blog/2022/09/28/upgrade-now-to-address-en....

The only practical issue raised by https://nebuchadnezzar-megolm.github.io/ which we didn’t already fix is the question over whether servers or clients should control group membership. Our position is that it’s okay for the server to control it as long as clients are warned if malicious users/devices are added. Fixing it properly is Hard: for instance, if you are chatting in a room and it turns out that a remote user kicked another remote user, but the kick was delayed in reaching you, you could keep chatting away encrypting messages for a user who is no longer in the room and theoretically should not be receiving them. Is this a security flaw? Or is this just how causality works? So we’re dealing with problems similar to that; hopefully we will be able to switch to client-controlled membership by end of year.

tptacek’s derision is not very constructive.