Jurre van Bergen wrote: > Bad idea, > > I don't know what purple-otr is,
It was discussed on this list https://lists.cypherpunks.ca/pipermail/otr-dev/2011-December/001231.html > but I see it hasn't taken any patches from upstream past 2013 and is still > vulnerable to: > https://nvd.nist.gov/vuln/detail/CVE-2015-8833 I can merge whatever upstream patches are missing. > > On 06/03/2025 15:04, Howard Chu wrote: >> Hefee wrote: >> > Hey, >> >> > thanks a lot for some insights into the the "project status" and this >> > makes me feel comfortable to ship libotr and pidgin-otr in trixie. >> >> I would still recommend using purple-otr instead, since it supports both >> pidgin and finch. >> https://github.com/hyc/purple-otr >> >> >> > Regards, >> >> > hefee >> >> > -- >> >> > On Mittwoch, 5. März 2025 01:03:26 Mitteleuropäische Normalzeit Jurre van >> > Bergen wrote: >> >> Hi Hefee, >> >> >> >> On 04/03/2025 22:26, Hefee wrote: >> >>> Hey, >> >>> >> >>> thanks a lot for this fast response on the git repos, than I keep the >> >>> links to point to otr.cyperpunks.ca. >> >> >> >> Perfect! >> >> >> >>> That at least give me a first idea, that there are still people caring >> >>> about libotr. *yeah* >> >>> >> >>> As the next Debian release (trixie) will soon happen, I started to look >> >>> at the packages, if they are still vital for the next years. >> >>> >> >>> libotr/pidgin-otr doesn't seen any update since 2016. As I cannot scan >> >>> through the bugtracker I cannot decide, if bugs are just piling up or is >> >>> OTR >> >>> just in "maintanacne mode". With "maintance mode" I mean no active >> >>> development, but issues may be fixed, if they are to big to ignore ;) >> >> >> >> Those will get fixed yeah! >> >> >> >>> * Are you aware of any issue, that would mark libotr or pidgin-otr as >> >>> please do not ship it to endusers? >> >> >> >> Personally no, except that Pidgin itself is a trash fire :) >> >> >> >>> * Are security vulnerabilities still been processed? >> >> >> >> Yes, if someone reports a security vulnerability and becomes known to us >> >> we'd ship a new version and will request a cve. >> >> >> >> Best, >> >> >> >> Jurre >> >> >> >>> _______________________________________________ OTR-dev mailing list >> >>> [email protected] >> >>> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev >> >> >> > _______________________________________________ OTR-dev mailing list >> > [email protected] >> > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev >> >> >> >> _______________________________________________ > OTR-dev mailing list > >> [email protected] > >> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > > _______________________________________________ > OTR-dev mailing list > [email protected] > http://lists.cypherpunks.ca/mailman/listinfo/otr-dev > -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/ _______________________________________________ OTR-dev mailing list [email protected] http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
