❌ Software Removal | PeaZip #1782
Reference: privacyguides/privacytools.io#1782
Description
I suggest removing PeaZip.
Why I am making the suggestion
PeaZip websites cannot be accessed without TLS 1.0 enabled.
Not only SSL3.0 but also SSL2.0 is effective.
Encryption software created by people who cannot properly manage a web server. I do not want to use it.
https://www.ssllabs.com/ssltest/analyze.html?d=www.peazip.org
https://www.hardenize.com/report/peazip.org/1584027400
My connection with the software
Unrelated
Yes this is definitely an issue, seems to be an old Microsoft server:
Strangely they seem to have TLS 1.2 disabled.
Not many people could view this site anyway: "Chrome, Edge, IE, Firefox, and Safari to disable TLS 1.0 and TLS 1.1 in 2020".
I don't think this deserves a de-list, though, this can be fixed with an e-mail to them.
Agreed with @5a384507-18ce-417c-bb55-d4dfcc8883fe, their website is clearly old, but the software is regularly updated, latest release was 6 days ago (via GitHub). Could the lack of protection from the website lead to a malicious actor changing the downloaded software? We could point to the release page on their GitHub repo, although, as you can check on the Windows download page, the file is hosted by OSDN, which has the necessary protections in place. I believe there is no need to change.
I did send them an email (should have mentioned that). I haven't yet received a reply, but most likely we will just link to their GitHub or SourceForge page. Both seem to be updated.
I'm not entirely sure why it was added in the first place, so my guess is that it was legacy from the days when privacytools.io really had no/little requirements.
This software isn't tracked by version control, the author simply just uploads a tarball. I don't really like this as it makes it difficult to track what has changed through commits. 7-Zip doesn't either unfortunately.
The author hasn't gotten back to me regarding the issues with their site, although that could have something to do with what is going on in the world currently.
This software is not cryptographically signed, i.e. with PGP or minisign, etc. Nor is it in any distribution repositories. The Linux version of this depends on Qt4/GTK2, which are both deprecated for GTK3 and Qt5. No distribution has packaged it. I doubt they will while depending on these libraries. I can't see if there's a development branch with a newer version either. I would be curious to know if future development of this actively developed project has any likelihood of a GTK3/Qt5 port.
I am in favor of #1784 and p7zip as I feel that would be a better recommendation for Linux/BSD users, as that integrates into tools like File Roller, Xarchiver, Ark and is distributed through distributor repositories.
I would be recommending in future requirements for software to be added that it must:
I vote for removing peazip and swapping it with 7zip.
I greatly agree.
Also, Keka is not open source so maybe we should remove that.
Nah, the whole idea does not go inside my brain. You punish people because they have not updated their site? I mean, he said the software is updated. Also, what if they are not good at web servers, or they do not know web development? How will that affect my security when using their app? I do not get it. It's not the same programming language, so I do not give a darn whether their website is updated or not; all I care about is whether their app is good enough or not, and he clearly said it's kept updated. So nope, give me another reason.
I know it's late, but I gotta say my point of view, and my point of view is that your claim is bad and I want a more convincing one.
Hello, in the first place let me apologize for the delay in implementing TLS 1.2 and for the lack of prompt feedback.
I can confirm that TLS 1.2 is now supported, and older insecure protocols such as TLS 1.0 and SSL 2/3 were dropped.