saghul 2 days ago

Jitsi dev here. We are currently revisiting this. It exists because in cases such as when Jitsi Meet is being embedded there are pre-join pages provided externally by the "host" site. We will be limiting how this can be used going forward.

qualeed 2 days ago | parent [-]

Is/will there be any discussion on how initial triage of potential security issues will be handled in the future?

It was disappointing to see the responses in the post. A curt "It's a feature" to a valid security concern & disclosure, and not replying to a request to publish.

Jitsi says "We encourage responsible disclosure for the sake of our users, so please reach out before posting in a public space." But if no one bothers to reply, why bother to reach out to Jitsi in the first place?

https://jitsi.org/ says, literally in the hero image banner, "More secure" as the first thing you see. The handling of this raises some concerns about that. (If you don't want to be scrutinized as much about privacy & security stuff, I would recommend not advertising "more secure" as the first thing people see on the site)

saghul 2 days ago | parent [-]

You are right, we dropped the ball on this one. We'll try and do better.

arm32 2 days ago | parent [-]

Instead of trying, just do. Just do better.