undefined | Better HN

0 pointsamanzi2y ago0 comments

If it's just self-hosting that you're after, then yes - open-sourcing the server-side components would definitely help. Regarding their marketing as "open source" - I haven't seen their marketing claims, so I'll take your word for it, and in that case I agree with you - it's a disingenuous claim.

But my comments were mostly around your original post, where you said you were sceptical of their trustworthiness because they hadn't open-sourced the server-side components. This implied that you would trust them (and I assumed the SaaS service) more if they did this. I was just expanding on a theme that you mentioned: "unless they willingly serve binaries that are not actually built from that code...", and I was just highlighting the fact we would never know if this was happening. So if you're sceptical without them open-sourcing, you should remain sceptical even if they did open source the backend.

0 comments

1 comments · 1 top-level

hnarn2y ago

> you said you were sceptical of their trustworthiness because they hadn't open-sourced the server-side components

I never said that. I said that:

- Their marketing is disingenuous because they call themselves "open source",[1] when their server side component is in fact not open source.

- I was "skeptical" regarding one very specific thing:

> if their clients are indeed open source (...), and all encryption happens client-side before being sent to the server (...), how would it even be possible for this [tutanota being compromised] to be true?

[1]: You can confirm this by searching for `site:https://mastodon.social/@Tutanota open source`

j / k navigate · click thread line to collapse