[OTR-dev] Project status - release to next Debian release ( trixie)?

Jurre van Bergen drwhax at riseup.net
Thu Mar 6 10:47:40 EST 2025 

Bad idea,

I don't know what purple-otr is, but I see it hasn't taken any patches 
from upstream past 2013 and is still vulnerable to: 
https://nvd.nist.gov/vuln/detail/CVE-2015-8833

On 06/03/2025 15:04, Howard Chu wrote:
> Hefee wrote:
> > Hey,
>
> > thanks a lot for some insights into the the "project status" and 
> this makes me feel comfortable to ship libotr and pidgin-otr in trixie.
>
> I would still recommend using purple-otr instead, since it supports 
> both pidgin and finch.
> https://github.com/hyc/purple-otr
>
>
> > Regards,
>
> > hefee
>
> > --
>
> > On Mittwoch, 5. März 2025 01:03:26 Mitteleuropäische Normalzeit 
> Jurre van Bergen wrote:
> >> Hi Hefee,
> >>
> >> On 04/03/2025 22:26, Hefee wrote:
> >>> Hey,
> >>>
> >>> thanks a lot for this fast response on the git repos, than I keep 
> the links to point to otr.cyperpunks.ca.
> >>
> >> Perfect!
> >>
> >>> That at least give me a first idea, that there are still people 
> caring about libotr. *yeah*
> >>>
> >>> As the next Debian release (trixie) will soon happen, I started to 
> look at the packages, if they are still vital for the next years.
> >>>
> >>> libotr/pidgin-otr doesn't seen any update since 2016. As I cannot 
> scan through the bugtracker I cannot decide, if bugs are just piling 
> up or is OTR
> >>> just in "maintanacne mode". With "maintance mode" I mean no active 
> development, but issues may be fixed, if they are to big to ignore ;)
> >>
> >> Those will get fixed yeah!
> >>
> >>> * Are you aware of any issue, that would mark libotr or pidgin-otr 
> as please do not ship it to endusers?
> >>
> >> Personally no, except that Pidgin itself is a trash fire :)
> >>
> >>> * Are security vulnerabilities still been processed?
> >>
> >> Yes, if someone reports a security vulnerability and becomes known 
> to us we'd ship a new version and will request a cve.
> >>
> >> Best,
> >>
> >> Jurre
> >>
> >>> _______________________________________________ OTR-dev mailing 
> list OTR-dev at lists.cypherpunks.ca 
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
>
> > _______________________________________________ OTR-dev mailing list 
> OTR-dev at lists.cypherpunks.ca 
> http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>
>
>
> _______________________________________________ > OTR-dev mailing list > OTR-dev at lists.cypherpunks.ca > 
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cypherpunks.ca/pipermail/otr-dev/attachments/20250306/0d7c2308/attachment.htm>

More information about the OTR-dev mailing list