On 23 oct. 2013, at 01:53, Ian Goldberg wrote:
>
> To be explicit, removing support for OTRv1 from libotr 3.x is totally
> fine (and indeed libotr 4.x has already done it).
Ian, thanks a lot for the input.
I guess it's all good then, no objection for an NMU and thanks in advance to
whoever will
On 22 oct. 2013, at 20:17, intrigeri wrote:
> Hi Thibault,
Hi,
>
> intrig...@debian.org wrote (08 Oct 2013 09:27:56 GMT) :
>> as you are surely aware of, it's been known [1] since 2006 that
>> clients supporting both OTRv1 and v2 (such as libotr 3.x) are subject
>> to protocol downgrade attacks
