SSL security concern
Ralf Skyper Kaiser
skyper at thc.org
Mon Oct 14 12:33:27 EDT 2013
I agree, 1 of the 7 Security features is already possible with Pidgin but
requires source code recompilation. That does not fly for most users
(especially the Windows users).
Pidgin should be secure by default or - if Pidgin insists that it has to be
insecure by default - at least offer the user the possibility to use it
securely, without having to recompile from source (and cross platform).
On Mon, Oct 14, 2013 at 5:27 PM, David Woolley
<forums at david-woolley.me.uk> wrote:
>> The BIGGEST BANG FOR THE BUCK would be 4.: Allow the user to specify a
>> different (and exclusive) CA location.
> As noted in my original reply, that already exists if you build from
> source - the decision is a compile time one. If you use a package, the
> packager will generally select the option that makes the software easiest
> to use and maintain out of the box, which means that, if the OS supports a
> compatible certificate store mechanism, the packager will select that, so
> that it will work out of the box, and certificates will get updated as part
> of the OS update process.
> If there isn't such a mechanism, it will install Pidgin's standard set of
> certificates in a directory private to libpurple, so that the user doesn't
> have to hunt down certificates before they use it.
> At least from a quick glance, you can tell it to use a system certificate
> store, when you build it, but point that at a directory that you populate
> with certificates, rather than the standard OS certificate store.