Gajim - 2019-06-24


  1. annelin >‎[09:12:01 PM] ‎rom1dep‎: annelin: wowh, you have a funky kallithea theme :) I don't know if you are the admin of it, but 0.4.1 is out I know, thanks
  2. annelin we backported all the security changes from 0.4.x branch
  3. EmleyMoor Is the roster additions window fixed yet?
  4. wurstsalat EmleyMoor: what do you mean?
  5. EmleyMoor I get lots, at present, of roster additions from one of my transports, but because I can only see two at a time it's hard to tell which ones are really needed. List needs to expand with window size
  6. wurstsalat yes, here https://dev.gajim.org/gajim/gajim/merge_requests/454
  7. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/478 >: WIP: Add Create Group Chat window
  8. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/478 >: WIP: Add Create Group Chat window
  9. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/478 >: WIP: Add Create Group Chat window
  10. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/458 >: WIP: ChatToMUC: Rework dialog
  11. jubalh Hi
  12. johnms Hello.
  13. jubalh Gajim stopped here with 'needs python-gnupg >= 0.3.8'
  14. jubalh I have 0.4.0 installiert. its this one: https://pythonhosted.org/python-gnupg/index.html
  15. jubalh the message in gajim mentions that there might be several packages with that name. is that the right one?
  16. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/478 >: WIP: Add Create Group Chat window
  17. lovetox jubalh, yes thats the right one
  18. lovetox but depending on your Gajim installation you might need the python3 version
  19. jubalh lovetox, someone else actually created a bugreport for my distro already: https://bugzilla.suse.com/show_bug.cgi?id=1138832
  20. jubalh lovetox, i have the python3 version installed
  21. lovetox first this is about the openpgp plugin
  22. lovetox there is also a pgp plugin
  23. lovetox openpgp is experimental and nobody supports it
  24. jubalh https://paste.opensuse.org/view/raw/8d1b6bd5 is what i get
  25. jubalh so also about the same plugin hehe
  26. lovetox yeah, install the other pgp plugin
  27. jubalh unfortunately thats not possible. because i all menus are greyed out in gajim
  28. lovetox then delete the plugin from .local/Gajim/plugins
  29. lovetox are you sure you have pgp even installed?
  30. jubalh gpg --version gpg (GnuPG) 2.2.16
  31. jubalh lovetox: i removed it from ~/.local/share/gajim/plugins
  32. lovetox hm have to check then why this gpg check fails
  33. jubalh nwo gajim starts again, but prints a message that python-gnupgp >= 3... is needed
  34. jubalh lovetox: whats the difference between the pgp and openpgp plugins?
  35. lovetox there is no python-gnupgp >= 3
  36. lovetox i doubt this is the error message
  37. jubalh 0.3.8
  38. lovetox the difference is different protocol standards
  39. jubalh "OpenPGP is not usable. Gajim needs python-gnupg >= 0.3.8" is the exact message
  40. jubalh lovetox: openpgp and pgp plugin abre about the same XEP?
  41. lovetox no
  42. lovetox as i said different standards
  43. jubalh openpgp plugin is XEP-0027 ? and pgp plugin is XEP-0373: OpenPGP for XMPP ?
  44. lovetox yes
  45. lovetox message means gajim cant find your python-gnupg installation
  46. lovetox open a python console type
  47. lovetox import gnupg
  48. lovetox gnupg.__version__
  49. lovetox but "OpenPGP is not usable" i dont find that string in our codebase
  50. jubalh lovetox: https://paste.opensuse.org/view/raw/31438663
  51. jubalh lovetox: well thats strange because thats the message that pops up
  52. lovetox in the console?
  53. jubalh nope a window pups up
  54. lovetox ah found it
  55. lovetox did you restart Gajim?
  56. lovetox Did you install a the other pgp plugin?
  57. lovetox This messge may popup if you dont have a pgp plugin installed but want to use pgp functionallity
  58. jubalh lovetox: http://iodoru.org/f/showgaj.png
  59. jubalh aha
  60. jubalh and how does it know i want to use pgp functionality?
  61. jubalh Yeah I have the other pgp plugin installed, but its currently disabled it seems, and has the message "warning: please install python-gnupg and PGP"
  62. jubalh hmm but it links to https://dev.gajim.org/gajim/gajim-plugins/wikis/pgpplugin
  63. jubalh so it might be the old still? even though i removed it?
  64. jubalh so the openpgp plugin links to 'https://dev.gajim.org/gajim/gajim-plugins/wikis/pgp' which is empty. and the 'pgp' one links to https://dev.gajim.org/gajim/gajim-plugins/wikis/pgpplugin but mentions XEP-0027.
  65. jubalh :)
  66. jubalh didnt we just say that 'openpgp' is the old one and thus xep0027 and 'pgp' should be the new one? :)
  67. wurstsalat > openpgp plugin is XEP-0027 ? and pgp plugin is XEP-0373: OpenPGP for XMPP ? other way round
  68. wurstsalat openpgp plugin: Experimental OpenPGP XEP-0373 Implementation
  69. wurstsalat manifest.ini doesn't link to the correct page yet https://dev.gajim.org/gajim/gajim-plugins/wikis/OpenPGPplugin
  70. annelin gajim-otrplugin release v0.3 — +support gajim from 1.0.3 to 1.1.99 (git) +fixed import with any plugin directory name +distributing with python3-potr +xhtml support +correct work with mam/groupchats +correct handling gajim encryption states +correct retransmitting message after session start
  71. annelin will be grateful if someone will help to test / hg clone http://dev.narayana.im/gajim-otrplugin /
  72. annelin thx for attn
  73. annelin and one more question to devs what we must do when received encryption offer if chat encryption is disabled? (https://i.imgur.com/5qBnJWQ.png)
  74. annelin - we must ignore encryption offer and act like we do not support it? - or it is acceptable to force-enable encryption without user confirmation app.config.get_per() and control.change_encryption() ?
  75. lovetox you can try to change it automatically
  76. lovetox though hard to say whats good here, if i dont want to use OTR, and it constantly sets itself to OTR probably annoying
  77. lovetox but you dont have to ignore a encryption negotiation
  78. lovetox you can complete the negotiation without user interaction, if thats possible with OTR
  79. annelin that's bad
  80. annelin other side will see that OTR negotiation is successful and encrypted conversation is started
  81. annelin and -- since our encryption state is not OTR -- if we reply, we will reply plain
  82. annelin I think that the way to reject offer is more correct. If someone will try to start OTR, you see smth like that: https://i.imgur.com/TmnoTuV.png
  83. annelin and then you can easily click on encryption button, enable OTR and open channel yourself
  84. lovetox but then nobody can write you a message unless your right in front of the computer
  85. lovetox this makes OTR even more useless
  86. annelin OTR is session-based encryption
  87. annelin and this behaviour from 2nd side just looks like I don't have OTR support and they automatically fall back to plain
  88. lovetox thats really bad, what do you expect how this works then
  89. lovetox User A: please activate OTR
  90. lovetox User A: are you ready?
  91. lovetox User B: yes i activate it in a second wait
  92. lovetox finally they make it
  93. lovetox just do negotiation automatically
  94. lovetox and change the encryption indicator
  95. annelin that's I asked for
  96. annelin - is that acceptable to enable encryption without user confirmation?
  97. lovetox You have to ask your Users that
  98. annelin I'll asking to know how its done in OMEMO / OpenPGP
  99. lovetox Its not done at all because its not necessary, there is no negotiation
  100. annelin if my chat encryption is set to None but user offers OMEMO — it will be enabled automatically?
  101. lovetox user can activate openpgp whenever he wants, and it stays there until the end of time
  102. annelin with pgp of course, you can decrypt any time
  103. lovetox also with omemo 🙂
  104. annelin hm
  105. lovetox but no there is no automatic encryption if thats what you ask
  106. annelin how can it be perfect-forward secret then if you can decrypt it any time?
  107. lovetox we dont activate encryption only because other user has the capabilities
  108. annelin I thought it is s session based like otr
  109. lovetox it is session based but not xmpp session based
  110. lovetox and its one session for eternety
  111. lovetox not every day a new one
  112. Zash OMEMO is started by publishing keys, or something
  113. annelin but if OMEMO privkey is revealed, I shouldn't able to decrypt whole session by protocol specs
  114. annelin so we have to store our state somewhere
  115. lovetox yes we do
  116. lovetox i dont know what you meant with "always decrypt"
  117. lovetox of course you cant decrypt old messages again etc
  118. annelin with PGP you can
  119. lovetox with always decrypt i meant, there is no negotiation necessary
  120. annelin yeh same
  121. lovetox someone can just write you a message and you will be able to decrypt
  122. lovetox it does not matter if you activated OMEMO in your chat, or even if you are online
  123. annelin >‎[03:24:16 PM] ‎lovetox‎: we dont activate encryption only because other user has the capabilities no-no-no, I mean — if I have encryption disabled but my friend sends me an encrypted message
  124. lovetox yeah thats not a problem with OMEMO, because there is no negotiation
  125. lovetox and no we dont activate encryption when you receive a encrypted message
  126. annelin User A: ..blah.. plain message User B: ..blah.. plain message User A: *encrypted message* should user B go encrypted automatically or he continue plain until manually enable OMEMO?
  127. lovetox but thats not really a problem, because not like OTR where encryption is constantly turned off when the session ends
  128. lovetox a omemo session never ends
  129. annelin ‎[03:29:21 PM] ‎lovetox‎: and no we dont activate encryption when you receive a encrypted message kk, got it.
  130. lovetox so the user decides once to turn on encryption, and it will stay there forever, there is never a risk of sending plain text
  131. lovetox while with OTR you constantly switch between ON and OFF, and you have to take special care that the user doesnt send accidental plain text
  132. annelin I constantly being in situation when my messages suddenly arrives plain with OMEMO enabled.
  133. annelin I think it's some bugs and/or incompatibilies between clients omemo implementation, but that's bad
  134. lovetox i doubt that
  135. lovetox im really sure its impossible to send plaintext with omemo enabled
  136. annelin there was buggy omemo implementation in psi+ months ago
  137. annelin not tested since then, maybe its fixed now
  138. annelin nvm, just want to get OTR support for communicate encrypted with contacts that has only OTR encryption
  139. annelin and since its missing a lot of features including multiple clients and offline messages I think users should manually enable OTR mode if they know what they doing
  140. annelin previous implementation in gajim 0.16x was like a nightmare
  141. lovetox yes it was
  142. lovetox 🙂
  143. lovetox I guess do it like you see fit, and your users will tell you if they like it. Tell me if you miss some vital functionallity in Gajim regarding encryption
  144. lovetox even if we dont endorse usage of OTR, i still might implement stuff that helps encryption plugins, if they are sensible
  145. annelin there are still a lot of xmpp clients that have only OTR
  146. annelin so I think its fine to have at least possibility
  147. annelin of course if OMEMO is available for both sides you shouldn't use it
  148. lovetox but also in your scenario, i dont think you have to throw away the encryption offer
  149. annelin maybe its subject to config
  150. lovetox just complete it automatically, and tell the user to switch to OTR if he likes
  151. lovetox if he doesnt its his problem, the completed OTR session doesnt hurt
  152. annelin I will show you main difficulty with that
  153. lovetox you can even catch the before-sending event, and show the user a warning dialog if he sends unencrypted although session is established
  154. annelin https://i.imgur.com/rFKwOXN.png
  155. annelin that's it
  156. annelin and what happens if we will not accept an offer automatically: https://i.imgur.com/ukiJQtR.png
  157. annelin I think its better because you must use OTR when you really want it — when you agrees to stay without message carbons, MAM, offline messages etc.
  158. annelin please don't think that I promote OTR for everyday use instead of OMEMO ☺
  159. lovetox yeah, i like the idea, the automatic session thingy caused much pain also in the past
  160. annelin I started porting a plugin because of staying in situation when I have two choices — talk with OTR or do not talk at all — and since it was business contacts — I have to install disgusting crafts like Psi+
  161. annelin (Idk how else call "software" that says — "I will crash, its normal" https://i.imgur.com/JN6P9y8.png
  162. lovetox why you even offer the option to change the key?
  163. lovetox and what exactly does crash here?
  164. annelin when you trying to delete private key, Psi+ segfaults.
  165. annelin and then OTR stopped working until you remove ~/.local/share/psi+/profiles
  166. annelin It was funny when I started testing plugin and suddenly it stopped working, after five hours of debugging I just looked at tcpdump and see... nothing.
  167. annelin ‎[04:05:21 PM] ‎lovetox‎: why you even offer the option to change the key? as an everywhere which is due to cryptography
  168. annelin few years ago I need such option to sync private keys between my devices to get at least carbons working
  169. annelin and of course private key may be just compromised and you need to change it immediately
  170. bot Daniel Brötzmann proposed a new merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/479 >: WIP: Rework JoinGroupchatWindow
  171. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/479 >: WIP: Rework JoinGroupchatWindow
  172. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/478 >: WIP: Add Create Group Chat window
  173. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/458 >: WIP: ChatToMUC: Rework dialog
  174. wurstsalat erik, if you didn't take a look yet, the StartChatDialog implements many listbox features
  175. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/456 >: Roster: Fix file drop and take HTTPUpload into consideration
  176. erik wurstsalat: I'm trying to find the first message where you point me to something. C skipped to this last message.
  177. erik Where should I have looked?
  178. wurstsalat the StartChat window has a lot of listbox mechanics, it's a good ressource
  179. wurstsalat to get familiar with listboxes
  180. wurstsalat that was it ;)
  181. erik wurstsalat, ah. thanks!
  182. erik I've been distracted a bit over the past week, but I'll definitely get back to my listbox project.
  183. wurstsalat looking forward to it :)
  184. bot Герман Грех created an issue in _gajim_ < https://dev.gajim.org/gajim/gajim/issues/9744 >: #9744: < Seen message about bug when used file transfer >
  185. bot Daniel Brötzmann modified an issue in _gajim_ < https://dev.gajim.org/gajim/gajim/issues/9744 >: #9744: < Seen message about bug when used file transfer >
  186. bot Daniel Brötzmann proposed a new merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/480 >: WIP: Remove usage of ConfirmationDialogDoubleRadio
  187. bot Daniel Brötzmann modified an issue in _gajim_ < https://dev.gajim.org/gajim/gajim/issues/9711 >: #9711: < Enhance group chat join and invitation process >
  188. bot Daniel Brötzmann closed an issue in _gajim_ < https://dev.gajim.org/gajim/gajim/issues/9708 >: #9708: < Direct file transfer only 50kb/s >
  189. bot Daniel Brötzmann proposed a new merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/481 >: GroupchatControl: Remove correcting state when minimizing
  190. andy Hello, I dont know that this is an issue but when I click second padlock icon in a message conversation Gajim show me a window OMEMO Fingerprints. Below that there is an label Fingerprints for (contact name) and I see my fingerprints on the list with fingerprints of my friend. At the bottom of the window I see own fingerprints. Its little strange. In first list Gajmi should/must show only fingerprints of my friend.
  191. andy On the second Gajim should show OMEMO of that device and all other fingerprints
  192. andy On the second listGajim should show OMEMO of that device and all other fingerprints
  193. wurstsalat what to you mean by second list?
  194. andy wait for a moment ;)
  195. andy Now I see something like this:
  196. andy https://conference.gajim.org:5281/pastebin/fe76a783-9530-4615-b350-650f6925a0f9
  197. andy ehh
  198. andy I do a screenshot for that
  199. lovetox if you mean by own fingerprint, a fingerprint of another device of yours yes
  200. lovetox i dont see the difference between your friends deviceses and your own
  201. lovetox i dont see the difference between your friends devices and your own
  202. lovetox maybe you can explain how you treat them differently
  203. andy Gajim should show my other fingerprints on "own fingerprints" with note "fingerprints of another devices"
  204. andy Tomorrow I will make an issue for that because for me it have more sense that current look of this window
  205. lovetox but why?
  206. lovetox each fingerprint has the JID, so i hope you know your own JID, so you know what fingerprints belong to your other devices
  207. bot Daniel Brötzmann proposed a new merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/482 >: ChatControl infobar: Set ellipsizing for labels and add line breaks
  208. bot Daniel Brötzmann closed an issue in _gajim_ < https://dev.gajim.org/gajim/gajim/issues/9580 >: #9580: < Gajim stays in "edit-mode" between closing & re-opening a MUC >
  209. bot Philipp Hörist pushed 1 commit to branch _refs/heads/master_ of _gajim_ < https://dev.gajim.org/gajim/gajim >: *a3754216* < https://dev.gajim.org/gajim/gajim/commit/a3754216528c7e68217d4f58aeacbb85f124a3c0 > GroupchatControl: Remove correcting state when minimizing Minimizing a GroupChatControl should remove the self.correcting state to avoid being in this state when restoring. Fixes #9580
  210. bot Philipp Hörist merged a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/481 >: GroupchatControl: Remove correcting state when minimizing
  211. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/402 >: Rework contact info
  212. bot Daniel Brötzmann updated a merge request for _gajim/master_ < https://dev.gajim.org/gajim/gajim/merge_requests/482 >: ChatControl infobar: Set ellipsizing for labels and add line breaks