[OTR-dev] Project status - release to next Debian release (trixie)?

Howard Chu hyc at symas.com
Thu Mar 6 11:09:51 EST 2025


Jurre van Bergen wrote:
> Bad idea,
> 
> I don't know what purple-otr is,

It was discussed on this list https://lists.cypherpunks.ca/pipermail/otr-dev/2011-December/001231.html

> but I see it hasn't taken any patches from upstream past 2013 and is still vulnerable to:
> https://nvd.nist.gov/vuln/detail/CVE-2015-8833

I can merge whatever upstream patches are missing.
> 
> On 06/03/2025 15:04, Howard Chu wrote:
>> Hefee wrote:
>> > Hey,
>>
>> > thanks a lot for some insights into the "project status" and this makes me feel comfortable to ship libotr and pidgin-otr in trixie.
>>
>> I would still recommend using purple-otr instead, since it supports both pidgin and finch.
>> https://github.com/hyc/purple-otr
>>
>>
>> > Regards,
>>
>> > hefee
>>
>> > --
>>
>> > On Wednesday, 5 March 2025 01:03:26 Central European Standard Time Jurre van Bergen wrote:
>> >> Hi Hefee,
>> >>
>> >> On 04/03/2025 22:26, Hefee wrote:
>> >>> Hey,
>> >>>
>> >>> thanks a lot for this fast response on the git repos, then I keep the links to point to otr.cypherpunks.ca.
>> >>
>> >> Perfect!
>> >>
>> >>> That at least gives me a first idea, that there are still people caring about libotr. *yeah*
>> >>>
>> >>> As the next Debian release (trixie) will soon happen, I started to look at the packages, if they are still vital for the next years.
>> >>>
>> >>> libotr/pidgin-otr hasn't seen any update since 2016. As I cannot scan through the bugtracker I cannot decide, if bugs are just piling up or is OTR
>> >>> just in "maintenance mode". With "maintenance mode" I mean no active development, but issues may be fixed, if they are too big to ignore ;)
>> >>
>> >> Those will get fixed yeah!
>> >>
>> >>> * Are you aware of any issue, that would mark libotr or pidgin-otr as please do not ship it to endusers?
>> >>
>> >> Personally no, except that Pidgin itself is a trash fire :)
>> >>
>> >>> * Are security vulnerabilities still being processed?
>> >>
>> >> Yes, if someone reports a security vulnerability and it becomes known to us, we'd ship a new version and request a CVE.
>> >>
>> >> Best,
>> >>
>> >> Jurre
>> >>
>> >>> _______________________________________________ OTR-dev mailing list OTR-dev at lists.cypherpunks.ca http://lists.cypherpunks.ca/mailman/listinfo/otr-dev
>>
> 


-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

