Follow

Tails natively ships with a client. Currently Pidgin.
For security reason Tails is going to replace it.

New XMPP client that Tails is likely to natively install will be either @dino or @gajim

Some research about them and Tails requirements you can read here:
gitlab.tails.boum.org/tails/bl
(keep in mind that it's a living paper)

Great to hear that Tails! As far as I know Pidgin is a security nightmare.

Dino is small and Gajim is mature. Unfortunately neither of them enable OMEMO by default (like Conversations.im).

@wiktor @tails "As far as I know Pidgin is a security nightmare." Care to explain what that means before just randomly dumping FUD on the internet?

@tails As the maintainer of Pidgin I would greatly appreciate it if you would elaborate on these so called "security reasons" as the website you linked is down.

@grimmy Sorry for that late respond, but can I ask you to direct your question to Tails developer email list?
tails-dev@boum.org
To join the email list: tails.boum.org/about/contact/i

@tails my question is pretty clear and I don't see why I should have to sign up on your mailing list when you're spreading fud about my project...

@grimmy
for clarification:
This is an unoffical account, maintained by a volunteer. I could send messages between you and the devs back and forth, but while just sending an email to tails-dev@boum.org will facilitate that, I'm more comfortable if you'd write an email to tails-dev@boum.org

@tails and I'd be more comfortable if people would send legitimate security issues to security@pidgin.im so they can be handled responsibly. But instead people choose to spread rumors about pidgin/libpurple out into the world with no evidence.. Guess we can't all get what we want huh?

@grimmy @tails
agree, but we can't change the past and I'm just helping to give more visibility to the Tails project and its development by maintaining this account.
What do you expect/wish from me, in regards of this issue?

@grimmy @tails also from a usabilty perspective, I would personally discourage from using Pidgin for #XMPP. It does not implement some XEPs recommend and important nowadays.

But still ok for other protocols like #IRC

@Muto @tails That's fair and I have no problem with them swapping pidgin 2 out. My issue is with the FUD their spouting.

@tails @Muto "but people I
trust say it’s riddled with security issues." Seems real scientific...

What's a "good history of vulnerabilities" ?

The kernel you're running is also rewitten in the same unsafe language.

"often has to parse untrusted undocumented protocols" truth

"other clients are more actively maintained" previously true, not so much right now.

"development of many plugins have been stagnant for years" for example?

@tails @dino @gajim I'd love to use Dino in Tails. Being able to save the OMEMO keys to persistent storage would be great

Sign in to participate in the conversation
Fosstodon

Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.