[dodgerdan]

This is the issue distilled. And the retort seems to be “but we give a warning”.

Awfully weak stuff for a cypherpunk-ish protocol. The CCC crowd that rabidly hates anything centralised, thinks it’s insecure and corporate, are probably having a existential crisis. Matrix is doing a terrible job fixing the issues, worse they seem to downplaying and denying too. And the Tech press seem to dismiss the issue believing Matrixs’ claims there isn’t an issue.

[Arathorn]

I’m sorry - how are we doing a terrible job fixing the issues? We are working solidly to switch Element over to the newly audited vodozemac crypto implementation (https://matrix.org/blog/2022/05/16/independent-public-audit-...), and then implementing both TOFU and client-controlled group membership. https://github.com/matrix-org/matrix-spec-proposals/blob/fay...

We are not denying these issues - we just dare to disagree that they are as catastrophic as some suggest.

[tptacek]

Just so we're clear, I didn't say that you're doing a terrible job fixing the issues (I know the comment you're responding to said that, I'm just being careful not to cosign that.)