I appreciated the links to the audit, but your quote was misleading to me when taken out of context like you did. I interpreted it as basically saying that the author couldn't or wouldn't address the issues identified. The full quote was:
> The upstream
author doesn't have enough resources to address them on its own and wants to
develop fixes in the open. Therefore I have created GitHub issues in the
upstream project and publish the full report today.
I.e. the "and wants to
develop fixes in the open" part left me with a very different interpretation from when I first read your comment.
These issues are pretty recent. I would greatly appreciate sponsorship to address issues faster: https://github.com/sponsors/schollz or just help with PRs.
Just wanted to say that Croc is one of the most reliable and straightforward file transfer tools I’ve ever used. It worked so well that I used it for Android (via Termux) to Windows transfers regularly. I only wish there was a way to use it on iOS but I imagine that’s challenging.
hn_throwaway_99|2 years ago
> The upstream author doesn't have enough resources to address them on its own and wants to develop fixes in the open. Therefore I have created GitHub issues in the upstream project and publish the full report today.
I.e. the "and wants to develop fixes in the open" part left me with a very different interpretation from when I first read your comment.
qrv3w|2 years ago
AequitasOmnibus|2 years ago
aborsy|2 years ago
https://redrocket.club/posts/croc/
But audits finding vulnerabilities are better than no audit and no known flaw.
Do these tools have iOS apps?
fmajid|2 years ago
https://nvd.nist.gov/vuln/detail/CVE-2023-43616
https://nvd.nist.gov/vuln/detail/CVE-2023-43617
https://nvd.nist.gov/vuln/detail/CVE-2023-43618
https://nvd.nist.gov/vuln/detail/CVE-2023-43619
https://nvd.nist.gov/vuln/detail/CVE-2023-43620
https://nvd.nist.gov/vuln/detail/CVE-2023-43621
I will stick with wormhole-william, thank you very much.