TLS Handler and stable release
Daniele E. Domenichelli
daniele.domenichelli at gmail.com
Fri Feb 8 14:55:31 UTC 2013
Hello,
As you probably already know Dan finally implemented the TLS handler,
and shipped it in master.
The lack of a TLS handler in 0.5 is in my opinion a quite big security
bug, because in order to connect to a server with a self signed or
expired certificate you have to disable ssl error checks, and therefore
user is completely unprotected from man in the middle and similar attacks.
I think it is quite important to ship the TLS handler in the next 0.5
series releases, for the distros that ship kde telepathy 0.5 and won't
update to 0.6 when it is ready.
Nonetheless there are (at least) 2 problems in this:
1) The TLS handler dialogs introduce new i18n strings, that will need to
be translated (this might be a problem for translators).
2) The TLS handler introduces new dependencies (this might be a problem
for packagers).
What is your opinion? Should we just ignore this problem?
Cheers,
Daniele
More information about the KDE-Telepathy
mailing list