
docs: re-home the project at tarnover/send and feature ffsend #5

Merged: jaschadub merged 1 commit into master from docs/upstream-and-clients on May 22, 2026

@jaschadub
Member

Summary

Rewrites README.md and updates the docs to:

  1. Present this repository (tarnover/send) as the home of the maintained fork, with the full lineage acknowledged: `mozilla/send → timvisee/send → tarnover/send`.
  2. Surface `ffsend` prominently as a first-class client. It's now in the Quick start, the Clients section, the FAQ, and the security docs — explicitly recommended for any sensitive workflow because it sidesteps the operator-shipped-JS class of risk.
  3. Cut over deployment instructions to GHCR + tarnover URLs while keeping a cross-reference to the upstream `timvisee/send` GitLab image (the two stay protocol-compatible).
  4. Add `docs/security.md` — threat model, the specific hardening this fork carries vs upstream (with file:line citations), CVE posture, and known limitations.

Files touched

  • `README.md` — full rewrite: new badges (GHA + GHCR), Quick-start with `ghcr.io/tarnover/send`, "What's different in this fork" section, expanded Clients table, Acknowledgements, contributing pointer that asks contributors to also upstream where relevant.
  • `docs/security.md` — new file. Documents threat model, per-finding rationale for the hardening landed in #1, CVE posture (linked to #3), and known limitations.
  • `docs/docker.md` — default image is now `ghcr.io/tarnover/send:latest`. Adds a tag-list table. Cross-references the upstream GitLab image. `timviseesend` example network name renamed to `sendnet`.
  • `docs/deployment.md` — git clone URL points at tarnover.
  • `docs/AWS.md` — git clone URL + systemd `Documentation=` URL point at tarnover.
  • `docs/faq.md` — drops the stale `send.firefox.com/legal` telemetry pointer (this fork ships no telemetry), updates source link, adds a "Is there a command-line client?" question recommending `ffsend`.

What I deliberately didn't change

  • Upstream cross-references for the GitLab image and for `send-docker-compose` (the upstream still hosts those — there is no point shadowing them here).
  • The MPL license / Mozilla copyright in headers and `LICENSE` — that's the legal lineage and stays.
  • Anything outside docs and the README. Code is unchanged.

Test plan

  • Visual check on rendered README at https://github.com/tarnover/send/tree/docs/upstream-and-clients.
  • All in-repo links resolve (`README.md` and `docs/security.md` reference `docs/docker.md`, `docs/deployment.md`, `docs/encryption.md`, etc.).
  • No remaining `gitlab.com/timvisee/send` URLs that should have been replaced (a couple are intentionally kept as cross-references to upstream).

README rewritten to:
- frame this repo as the maintained fork (mozilla -> timvisee -> tarnover)
- replace gitlab/timvisee badges with github actions + ghcr badges
- feature ffsend as a first-class client option for security-critical use
- summarize what's different in this fork (security hardening, ghcr build,
  short /dl path, CVE-clean prod tree) with links to the relevant PRs
- update install/run commands to ghcr.io/tarnover/send
- keep upstream acknowledgments for mozilla, timvisee, and contributors

docs/docker.md - default image is now ghcr.io/tarnover/send:latest; upstream
gitlab image is cross-referenced as still-compatible; tag list documented.

docs/deployment.md, docs/AWS.md - git clone URL updated to tarnover.

docs/faq.md - drops the stale send.firefox.com telemetry note (this fork
ships no telemetry), updates the source-code link, and adds a CLI question
pointing at ffsend.

docs/security.md (new) - documents the threat model, the specific
server-side hardening this fork carries vs upstream, the standing CVE
posture (production tree clean except aws-sdk v2 EOL), known limitations
(operator JS substitution, FxA verify trust, host-header trust under
DETECT_BASE_URL), and where to report issues.
@jaschadub jaschadub merged commit c5d722c into master May 22, 2026
1 check passed
@jaschadub jaschadub deleted the docs/upstream-and-clients branch May 22, 2026 17:56