Gajim - 2017-04-03


  1. bot Philipp Hörist pushed 10 commits to branch _refs/heads/gajim_0.16_ of _gajim_ <https://dev.gajim.org/gajim/gajim>: *9279a76b* <https://dev.gajim.org/gajim/gajim/commit/9279a76bd076c354e16365377337cb7c7b51b409> Allow IBB FT to bare JIDs *ba2010da* <https://dev.gajim.org/gajim/gajim/commit/ba2010dafc255542d38b677a82b6577ed8eacc9b> Close IBB Stream correctly *88da5dee* <https://dev.gajim.org/gajim/gajim/commit/88da5deea8db81f55866c2977af7b047f136dace> Read/Write file in binary mode *dc38753a* <https://dev.gajim.org/gajim/gajim/commit/dc38753acf5319cf031c0e594e1fc0cb157b7d5b> Dont hash file on filetransfer error *4a814c3f* <https://dev.gajim.org/gajim/gajim/commit/4a814c3f940e3ef90db0307456330feee9aa6f7e> Fix typo in event type *e3b40633* <https://dev.gajim.org/gajim/gajim/commit/e3b40633c7c209676e9b3c60b005188492818cdf> Only make pause button active on pause-able transfers *d121dc31* <https://dev.gajim.org/gajim/gajim/commit/d121dc31c5920abeb48950a06bc71b988b43b615> On IBB cancel set correct 'to' attr *450160a1* <https://dev.gajim.org/gajim/gajim/commit/450160a144a0badd3795b9ef1af68513d7a32da8> Refactor IBB Handlers - Move handling of Data IQs into IBBIqHandler - Call SendHandler with file_props - Save last sent id in file_props.syn_id - Remove some useless checks, now that we call SendHandler with file_props - Send item-not-found error on invalid session id *7b673eaf* <https://dev.gajim.org/gajim/gajim/commit/7b673eaf12c6f8e00703231cb5e9771a2d56758b> Remove not working proxys *755b9bed* <https://dev.gajim.org/gajim/gajim/commit/755b9bed1bc6adc955d077de9c0d29671d521567> Merge branch 'fixjingle' into 'gajim_0.16' Fix IBB See merge request !76
  2. tanager Hi all, are there any security design docs for the gajim plugin system?
  3. tanager I see that the plugininstaller plugin recently added httpS checking and httpS certificate pinning, but are there any plans for a wider security approach? Like signing plugin pkgs
  4. tanager I ask because gajim seems to currently be nearly the only desktop client supporting OMEMO, which puts it in kind of a special place
  5. tanager This might be of interest
  6. tanager https://theupdateframework.github.io/
  7. lovetox tanager, no not really
  8. lovetox you dont have to get omemo from gajim plugin manager
  9. lovetox you can also get it for example on debian from the repos
  10. lovetox if that makes it more secure too you
  11. lovetox also, neither the signal lib that gajim omemo uses, or the plugin is audited
  12. lovetox also gajim itself has probably multiple security problems
  13. lovetox so to invest that much time into an update mechanism is i believe a waste of time
  14. lovetox you can also download the plugin from git if that makes it more secure for you
  15. lovetox also gajim is not the only desktop client
  16. lovetox pidgin also has omemo support, and other clients are on the verge of supporting it