Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Current state of Pidgin OTR vs Jitsi OTR

Nick liberationtech at njw.me.uk
Mon Jul 1 04:24:05 PDT 2013


On Mon, Jul 01, 2013 at 07:02:03AM -0400, Tom Ritter wrote:
> If libpurple/pidgin itself has bugs, that compromises OTR.  If an
> attacker gets in through a window or your sliding door, he's still in
> your house.  And libpurple is full of bugs.  That's the easy, go-to
> answer for this question.
> http://web.nvd.nist.gov/view/vuln/search-results?query=libpurple&search_type=all&cves=on

True, but having many CVEs also means that many people are actively
finding and doing the right thing with security bugs; it's as much
an indicator of developer activity and practises as it is the
insecurity of the software. I'm sure we've all seen software with
many dodgy security bugs, that because it isn't as widely used as
its competitor never bothers with CVEs, or doesn't have the
expertise to properly understand or fix the bugs.



More information about the liberationtech mailing list