Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

This is app is just a wrapper starting an exe with args, it's not doing much ...

I would actually say it's pretty dangerous to have something installing .msi from git, touching registry etc ...

https://github.com/TunnlTo/desktop-app/blob/main/src-tauri/s...

https://github.com/TunnlTo/desktop-app/tree/main/src-tauri/w...



> This is app is just a wrapper starting an exe with args, it's not doing much ...

You're free to run WireSock in the terminal. It's linked to in this post and in the github repo. TunnlTo aims to make WireSock more accessible and to add some quality of life features. I'm collaborating with the WireSock creator and while it may seem simple at the moment it is early days... we had to start somewhere.

> I would actually say it's pretty dangerous to have something installing .msi from git, touching registry etc ...

Did you look at this code?: https://github.com/TunnlTo/desktop-app/blob/main/dist/setup....

It tells the user why it needs to install the msi, explains what it is, and gives them the option to proceed. The msi is signed by the same EV code signing certificate as the TunnlTo app. There is also information about WireSock and links in the GitHub readme.

> installing .msi from git

The .msi doesn't come from "git", it is included in the TunnlTo installer which is standard practice.

> touching registry etc ...

I'm not sure why there would be a concern if a msi interacts with the registry? That is pretty standard stuff.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: