It seems like Signal may be another example of "read-only" open source, where there is no expectation anyone will actually try to _use_ the source code. Instead, there is an expectation that everyone will use binaries distributed by a third party and allow remote code installation and RCE of software on their computers _at the third party's discretion_. In other words, all users will cede control to a third party
NB. This comment is not referring to the "Signal protocol". It pertains to _control_ over the software that implements it
Perhaps manual, user-controlled updates is not part of the design
If the source code is available^1 then surely someone has modified it to remove the phone number requirement, not to mention other improvements
1. https://github.com/signalapp/Signal-Server
It seems like Signal may be another example of "read-only" open source, where there is no expectation anyone will actually try to _use_ the source code. Instead, there is an expectation that everyone will use binaries distributed by a third party and allow remote code installation and RCE of software on their computers _at the third party's discretion_. In other words, all users will cede control to a third party
NB. This comment is not referring to the "Signal protocol". It pertains to _control_ over the software that implements it