DarlanWho would have thought that Gajim 0.16 release would be delayed by over 9 - 10 months.
Darlanis angry at himself for reporting on so many bugs and sending too many feature request tickets.
guybrush88Darlan, why so? bug reports and feature requests are nice for improving the software
DarlanYes, you are correct, guybrush88, but there are not enough developers who would handle these reports in shorter amount of time.
DarlanRest assured, Gajim would be the best GTK+ chat client, and one of the most desired chat clients on its next major release or the one after it.
guybrush88Darlan, at least when developers with some time will join the project will see what to work on ;)
DarlanYup.
DarlanThe main developers are Asterix (leader), dicson (developer and maintainer), and fedor.brunner (mostly encryption related code).
DarlanI think we need developers who would work on code optimization of old code labeled as FIXME and on some UI enhancements.
Darlanguybrush88, another problem is that Asterix is not active, as of now, for several weeks, which also postpones an official release.
Darlandicson, may you join Gajim's bot?
dicsonno
dicsonDarlan, I do not have access to a Asterix computer
DarlanI thought it was a public bot :-P
DarlanThank you for your answer :-)
SouLOh
heavymetalHi, I sent a bugfix for the OTR plugin 4 months ago. I was wondering... what do I have to do in order to get it accepted? https://trac-plugins.gajim.org/ticket/89
mathieuiheavymetal, send it to the actual people maintaining it?
mathieuithe OTR plugin is not part of gajim.
heavymetalThen, why do you manage it on trac?
mathieuinot sure
mathieui(I’m not part of the gajim team, though)
heavymetalShouldn't the plugin authors being notified somehow of their bug reports?
mathieuibut the OTR plugin is there https://github.com/python-otr/gajim-otr
heavymetalAhm.
heavymetalOpened an issue to clarify the matter. https://github.com/python-otr/gajim-otr/issues/7
heavymetalHow does gOTR know if the partner supports OTR?
mathieuiit doesn’t
mathieuiOTR is like that.
heavymetalCool, no wonder it is so widely used.
heavymetalI wondered because every time I send a message to someone who does not use OTR the massage goes with an strange amount of trailing tabs and spaces.
mathieuihmm?
mathieuiif you enable OTR and your contact does not, it will see some stuff about him not having OTR
Holgerheavymetal: See <https://otr.cypherpunks.ca/Protocol-v3-4.0.0.html> -> "Tagged plaintext messages".
mathieui(see also: OTR sucks)
heavymetalI feared it...
heavymetalIt's ugly, breaks bots and annoys buddies.
heavymetalSeriously, gajim XML-based E2E is *awesome*. Why every client went with the plaintext crap?
mathieuibecause it’s mostly a hack, and doesn’t provide as many nice crypto properties as OTR
heavymetalBut it's usable.
heavymetalSecurity without usability has... well, it has no use.
mathieuiBut many people use OTR now, so this kind of defeats the point
heavymetalEvery gajim user gets a nice layer of protection against pasive attackers every time they talk with other gajim user.
heavymetalI'm not sure, OTR implementations feel really buggy to be *that* used.
heavymetalIndeed, I'm thinking about uninstalling mine and keep with Gajim OTR, but some buggy implementations can believe I do not use OTR any longer and I would lost conectivity with some contacts.
heavymetal(particularly Bitlbee's)
mathieuiuh oh, bitlbee
heavymetalSelf hosted.
heavymetalBut you pick the point.
mathieuiYeah, that doesn’t fix the bugs :°)
heavymetalAt least it would be nice if the protocol was eventually fixed.
heavymetale.g. make OTR negotiations in the control channel, not through the visible message channel.
mathieuiLink Mauve, everyone is waiting for XTLS! go go go
heavymetal(as gajim does)
mathieuiheavymetal, yes, but there is the issue of the cryptographic analysis of the protocol, which I believe would change if we split stuff
heavymetalWhat do you mean with split stuff?
heavymetalAnd which is that cryptographic analysis?
mathieuiheavymetal, separate control/message
heavymetalAh, ok.
Link MauveYeah, I will finish my XTLS work ~soon.
mathieuithough yes, the initial payload isn’t encrypted or anything, it just starts with ?OTR
heavymetalhmmm... I don't think it should alter cryptographic properties.
mathieui/that/ could be one thing to fix in a potential standardization of OTR
heavymetalJust code as XML what before was coded as binary base64 or whatever.
mathieuierr
mathieuithe base64 is binary data, that’s the only way of sending binary data through an XML stream
heavymetalI referred to the frame, not to the data itself.
heavymetalThat is, in XML you envelop your data (even if encoded in base64) in human and parser-friendly tags.
heavymetalIn the OTR protocol everything is sent as base64, I assume there is a protocol to identify kind of messages (given bits of the decoded data) and separate fields.
heavymetalWhat's the difference between XTLS and OTR (apart from being different protocols)?
mathieuiOTR is protocol-agnostic, which makes it great and awful at the same time
mathieuibut XTLS is xmpp-centric, and creates an tunneled encrypted xmpp connection between two people
mathieuiand once that connection is set, you can send anything through, files, audio/video, message, etc
heavymetalCool.
mathieuino implementation yet, though
heavymetalForward secrecy is achieved with Ephemeral DH?
mathieuiyes, just like TLS
heavymetal(like in TLS)
heavymetalOk, it may be a good solution.
mathieui(which is why we must nag Link Mauve until he finishes the implementation)
heavymetalAltought the draft is expired in 2009 (?)
heavymetalDidn't it get well reception?
mathieuiWell, specs are nice, but after that you have to implement it
mathieui(moreover, for cryptographic stuff, you have to implement it right ^^)
heavymetalNo, you better do not implement it and use a library.
mathieuiwell, you implement it in the library
heavymetal(to the extent possible)
mathieuibut at some point, someone must do the work
heavymetalOpenSSL could do a tunnel like this, couldn't it?
mathieuiand I must say most people are already quite happy with the current state of things when every point-to-point connection is decently encrypted, and you moderately trust the server (e.g. yours)
mathieuiYes, we could and probably will use OpenSSL to encrypt the data and do the various verifications required by the protocol