[Pkg-privacy-maintainers] Bug#854773: Bug#854773: hexchat-otr: /ME messages sent without OTR

Holger Levsen holger at layer-acht.org
Fri Feb 10 13:27:55 UTC 2017


On Fri, Feb 10, 2017 at 10:20:22AM +0200, Joonas Kylmälä wrote:
> Package: hexchat-otr
> Severity: normal
 
I think this should be severity:important. If encryption is not working as
expected, this has a major impact on the privacy of the user of this package…

> I was using the hexchat OTR plugin. After connected with a person via
> OTR the messages were sent encrypted just fine but then I decided to
> use IRC's /ME command and send a message with that and the message was
> not encrypted with OTR. There was no warning about that the message
> would have been sent unecrypted and some confidential information
> could have leaked. If it is not possible to encrypt /ME messages with
> OTR maybe there is possibility to give a warning to the user before
> sending the message?

It is surely possible to encrypt "/me"-messages with OTR.
Funnily irssi-plugin-otr (or was it pidgin-otr) once had the same bug and it
got fixed.


-- 
cheers,
	Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-privacy-maintainers/attachments/20170210/dff06b71/attachment.sig>


More information about the Pkg-privacy-maintainers mailing list