Package: gaim
Version: 1:2.0.0+beta3-4
Severity: normal

Hi,

I noticed that the jabber code warns me when the password would be
transmitted in clear text over the network, which is very clever and
nice. But when I then use the "change password" functionality, gaim
silently sends the new passwords over an unencrypted link. This is
inconsistent, and should probably changed.

(Not that users of a non-TLS or SSL link have a chance, because
something like Digest, which might be used to secure the login passwort,
does not work here. But a warning to the user should happen.)

Same probably applies to account registering, but I have not verified
that.

Thanks,
Joachim


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16.otto
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)

Versions of packages gaim depends on:
ii  gaim-data               1:2.0.0+beta3-4  multi-protocol instant messaging c
ii  libao2                  0.8.6-4          Cross Platform Audio Output Librar
ii  libaspell15             0.60.4-4         GNU Aspell spell-checker runtime l
ii  libatk1.0-0             1.11.4-2         The ATK accessibility toolkit
ii  libaudiofile0           0.2.6-6          Open-source version of SGI's audio
ii  libavahi-compat-howl0   0.6.10-1         Avahi Howl compatibility library
ii  libc6                   2.3.6-15         GNU C Library: Shared libraries
ii  libcairo2               1.0.4-2          The Cairo 2D vector graphics libra
ii  libdbus-1-2             0.61-6           simple interprocess messaging syst
ii  libdbus-glib-1-2        0.61-6           simple interprocess messaging syst
ii  libfontconfig1          2.3.2-7          generic font configuration library
ii  libfreetype6            2.2.1-2          FreeType 2 font engine, shared lib
ii  libgadu3                1:1.6+20060215-1 Gadu-Gadu protocol library - runti
ii  libgcrypt11             1.2.2-1          LGPL Crypto library - runtime libr
ii  libglib2.0-0            2.10.3-1         The GLib library of C routines
ii  libgnutls11             1.0.16-14+b1     GNU TLS library - runtime library
ii  libgtk2.0-0             2.8.18-1         The GTK+ graphical user interface 
ii  libgtkspell0            2.0.10-3+b1      a spell-checking addon for GTK's T
ii  libice6                 1:1.0.0-3        X11 Inter-Client Exchange library
ii  libmeanwhile1           1.0.2-2          open implementation of the Lotus S
ii  libpango1.0-0           1.12.3-1         Layout and rendering of internatio
ii  libperl5.8              5.8.8-6          Shared Perl library
ii  libpng12-0              1.2.8rel-5.1     PNG library - runtime
ii  libsm6                  1:1.0.0-4        X11 Session Management library
ii  libstartup-notification 0.8-1            library for program launch feedbac
ii  libx11-6                2:1.0.0-6        X11 client-side library
ii  libxcursor1             1.1.5.2-5        X cursor management library
ii  libxext6                1:1.0.0-4        X11 miscellaneous extension librar
ii  libxi6                  1:1.0.0-5        X11 Input extension library
ii  libxinerama1            1:1.0.1-4        X11 Xinerama extension library
ii  libxrandr2              2:1.1.0.2-4      X11 RandR extension library
ii  libxrender1             1:0.9.0.2-4      X Rendering Extension client libra
ii  libxss1                 1:1.0.1-4        X11 Screen Saver extension library
ii  zlib1g                  1:1.2.3-11       compression library - runtime

gaim recommends no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to