Of course @mollyim and @bitwarden both use Fastly, that don't have DNSSEC or RPKI validation.
Why did i expect security focussed project to care about the security of their domain / netowrk in the user release mechanism.
Discussion
Loading...
@lexinova Hey! Just to clarify, we don't use Fastly. Our releases are hosted on GitHub. If you have details on where you saw Fastly being used, we'd love to verify.
@mollyim https://bgp.tools/dns/molly.im (i checked it as we actually check all our repository), also have you considered a mirror (at the minimum) of github on service like codeberg.
That would allow us European and people that don"t like the AI push of Microslop to checkout your sources, and use your release outside of github.
thanks
@lexinova Thanks! We didn’t realize GitHub uses Fastly, and since we host molly.im there, that's shown in BGP. But DNSSEC/RPKI is not something we can enable ourselves.
Your point about mirrors is valid. We'll explore hosting and mirror alternatives.