search

disintar / toncli

TON Command Line Interface - easy smart contract manipulation
https://disintar.io/
Apache License 2.0
158 stars 35 forks source link

Installation step: yandex disk for libcrypto-1_1-x64.dll #107

Open SwiftAdviser opened 1 year ago

SwiftAdviser commented 1 year ago

Bug Type

Security

Reproduction steps

  1. Go to https://github.com/disintar/toncli/blob/master/INSTALLATION.md
  2. Try to download libcrypto-1_1-x64.dll

Actual result

You are obligated to download an unverified .dll file from yandex disk.

Expected result

  1. You can be sure that the library is verified
  2. You can download the library from the official source
  3. OR you can download the library from the non-russian-government cloud (not yandex.ru, mail.ru, or similar)

Suggested Severity

Vulnerability

Device

any

Additional Context

It's important, as TON Ecosystem grows, and if toncli wants to get more developers outside of Russia, better to rely on official resources, or at least services not connected to the Russian government (which sounds in-secure for the privacy of developers from the EU, and USA)

tvorogme commented 1 year ago

LGTM, waiting for PR by community