[OTR-dev] gauging the ressurection of otrproxy

Ian Goldberg ian at cypherpunks.ca
Tue Jan 11 16:56:22 EST 2011 

On Mon, Jan 10, 2011 at 12:11:48AM -0800, Nelson B Bolyard wrote:
> Hello:
> I'm trying to gauge the work to get otrproxy to build again and then
> update it to work with AOL's AIM7 client.  Although the sources in the
> otrproxy 0.3.1 source tarball are over 5 years old now, I'm hoping there
> are people here who can and will answer some questions about them.
> 
> 1. Does anyone still have a snapshot of the complete source tree from
> which the current windows binary distribution of otr-proxy was built?
> If so, would you be willing to make that available to me?

The source tree I have is exactly what's currently checked in to the
sourceforge repository.

> 2. Am I right that this code was never built on Windows, but only cross-
> compiled on Linux using mingw?

That's correct.

> Would changing this to build natively on windows (with gmake and free
> msvc) be unwelcome, even apostate?

Considering the code is basically orphaned right now, if you're willing
to make it work, then you can do it however you like.  ;-)  If it
_could_ still build on mingw, that would be useful, though.

> 3. According to the INSTALL file, the proxy wants some old versions of
> some libraries, which (after some digging) are all still available.
> But one wonders if there have been any vulnerabilities found and fixed
> since those old versions were produced.  Does updating otrproxy to try
> to use the latest "stable" versions of these libraries seem like a
> worthy task?
> 
>     Library      Desired  Current
>     Name         Version  Version
>     ------------ -------  -------
>     libgpg-error  1.0      1.9
>     libgcrypt     1.2.0    1.4.6
>     libotr        2.0.1    3.2.0
>     wxWidgets     2.5.x    2.8.11

Yes, that would seem to be a good idea, if you have the stomach for it.
;-)

> 4. Is there any repository of information about the changes to the AIM
> client startup/login behavior in AIM7 from earlier versions?

I don't think the AIM protocol is properly documented anywhere.
(Or at least it wasn't at the time.) Further, this is the AIM HTTP proxy
protocol wrapped around the underlying (OSCAR?) protocol, for
double-undocumented fun.

   - Ian

More information about the OTR-dev mailing list