Source code
Hi Proton Mail make your source code open for all developers .Upload your Source code in github.com and Sourceforge .
-
Chiendent Compton commented
code mail
-
Chiendent Compton commented
code
-
Sami Wfa commented
If you please ineed gift code please help me
-
mook commented
Does Protonmail consider moving away from Github since it's purchase of Microsoft?
-
Delacrix Morgan commented
Yeah, when is the mobile clients source code to be open sourced?
-
Anonymous commented
There is still work to do here. The mobile clients are not yet open source.
-
AdminProton (Admin, Proton) commented
Hello all, you can learn more about our code base and the open source technologies ProtonMail is built upon here: https://blog.protonmail.ch/protonmail-open-source-crytography/. More to come! We appreciate all your support.
-
Cameron Taylor commented
This should be commercial open-source, but allow for community contributions to security and features to be posted on a ProtonMail forum.
"I don't agree, as others have said, it opens the potential for security holes to be exploited. Just get it audited privately and be open about the results of those audits."
This approach is often used and universally understood by the ComSec industry to be extremely bad for security. Security by obscurity is not actual security, not to mention it is usually broken quite easily. You want to keep the window of opportunity is small as possible, since there is no such thing as perfect security. Open source means more eyes see the problems, which means they are identified and fixed earlier. Once you get past a certain level of security policies, the real issue comes from either phishing on the end-point (i.e. user device) or improper implementation from the server (i.e. ProtonMail servers). Security by obscurity, in contrast, practically guarantees poor security by ignorance of security issues.
-
Anonymous commented
I don't agree, as others have said, it opens the potential for security holes to be exploited. Just get it audited privately and be open about the results of those audits.
-
Protonly commented
Without the source we cannot trust it.
-
Anonymous commented
I believe open source is essential in projects like this one. It is all about trust and nobody can trust PM when it's source is closed.
-
Satoshi commented
How has this still not happened? Until source is out, Proton loses to the likes of Tutanota.com
-
Jo commented
I would not recommand to put the entire code publicly available, as it would threaten the security by exposing security holes. Just take SSL in example...
-
Seamus commented
While I would like to see the source code for the entire proton mail stack open sourced, from a security perspective I question the value of open sourcing the server code. Since the proton mail servers are not directly under user control, there is no guarantee that the code available online is the actual code being executed by the servers.
I really like the client code pinning idea Glenn put forward. I also think that the client code should be made available in a non-minified form on github or similar to aid with security reviews.
-
derSchweiz commented
wonder if any of you would actually review it or just asking to do so because "you can".
making security relevant code publicly available would create trust. would be a plus in my eyes too.
keeping the other code closed ... i wouldnt mind. -
Glenn commented
Open sourcing could help the code to eventually be "pinned" with a browser plugin, so that even compromising ProtonMail.ch (or the certificate authority) is of limited benefit to an attacker.
-
Satoshi commented
This should be the number 1 vote for an email client such as this......Open Source or GTFO
-
brian commented
Yep, this is where Tutanota has you beat. Until your source is open for review by security geeks you can't really be trusted.