This looks like a quite promising fork of Dino.im (which has somewhat stalled in development).
It has significantly improved A/V calls it seems, built in Tor support, on-device database encryption and a few other interesting fixes and improvements.
No, I don’t know him. Seems like some dude in Germany 🤷 But a XZ like supply chain attack seems unlikely at the end of the supply chain 😅
They claim in their roadmap that they want to commission a security audit at the end of this year though.
In general I agree that it is good to be a bit sceptical of a fork appearing like that, but from what I gather from looking at the open upstream PRs, I am not overly surprised that people feel forced to make fork by now.
Looks promising. Hopefully the dinox fork fixes this embarrassing bug:
https://github.com/dino/dino/issues/971
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076963Both Dino-im and Profanity neglect to use e2ee by default.
Someone plz track down the Debian maintainer of dino and mention dinox to them. Would by nice to get that into Debian. The *.debian.org sites have been under an ongoing attack for weeks now… I’m blocked by fastly.
