Changes

intrigeri · a5d53a93
--- a/replace_Pidgin.md
+++ b/replace_Pidgin.md
-Corresponding ticket: [[!tails_ticket 8573]]
+Corresponding ticket: tails/tails#8573

 We want to replace Pidgin with a more secure IM client.

 This document lists our requirements and candidate clients, along with their pros and cons.

-[[!toc levels=3]]
+
+[[_TOC_]]
+

 # Requirements

@@ -53,8 +55,8 @@ Ideally, some usability study for the OMEMO user interface has been done.
 Resources:

 - [clients support](https://omemo.top/)
- - [[!tails_gitlab 11541]]
- - [[!wikipedia OMEMO]]
+ - [11541](https://gitlab.tails.boum.org/11541)
+ - [OMEMO](https://en.wikipedia.org/wiki/OMEMO)
 - [XEP-0384](http://xmpp.org/extensions/xep-0384.html)

 ### Support for OTR
@@ -92,7 +94,7 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
 * supports XMPP, OMEMO and OpenPGP; OTR support is
  [not high on the todo list](https://github.com/dino/dino/issues/97)
 * Supports Tor, works in Tails. [Wiki page on Dino with Tor](https://github.com/dino/dino/wiki/Tor)
-* is [[!debpts dino-im desc="in Debian"]] Buster
+* is [in Debian](https://tracker.debian.org/pkg/dino%2Dim) Buster
 * the Debian maintainer wants to add an AppArmor profile and got in
  touch with intrigeri about it
 * Translated into 25+ languages
@@ -117,11 +119,11 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
  - In 2019, [Multiple protocol implementation
    errors](https://gultsch.de/dino_multiple.html) were discovered in Dino:

-    - [[!cve CVE-2019-16237]]: an attacker can send messages in the name of someone else
+    - [CVE-2019-16237](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2019%2D16237): an attacker can send messages in the name of someone else
      (previously found in other XMPP clients: CVE-2017-5589+)
-    - [[!cve CVE-2019-16236]]: remote attackers can modify the roster (previously
+    - [CVE-2019-16236](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2019%2D16236): remote attackers can modify the roster (previously
      found in Gajim: CVE-2015-8688)
-    - [[!cve CVE-2019-16235]]: does not properly check the source of a carbons message
+    - [CVE-2019-16235](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2019%2D16235): does not properly check the source of a carbons message

    As that document says, "When confronted with the fact that the same trivial
    vulnerabilities have been discovered in multiple, independent clients one
@@ -161,12 +163,12 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
 - D-Bus capabilities: can be disabled?

 - Track record:
-  - [[!cve CVE-2016-10376]]: allows being controlled by the XMPP server
-  - [[!cve CVE-2015-8688]]: remote attackers can modify the roster and intercept
+  - [CVE-2016-10376](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2016%2D10376): allows being controlled by the XMPP server
+  - [CVE-2015-8688](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2015%2D8688): remote attackers can modify the roster and intercept
    messages
-  - [[!cve CVE-2012-5524]]: custom SSL certificate verification callback
+  - [CVE-2012-5524](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2012%2D5524): custom SSL certificate verification callback
    accepted CA-signed certificates for any domain.
-  - [[!cve CVE-2012-2085]] aka. https://dev.gajim.org/gajim/gajim/-/issues/7031:
+  - [CVE-2012-2085](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE%2D2012%2D2085) aka. https://dev.gajim.org/gajim/gajim/-/issues/7031:
    remote code execution by building command lines out of untrusted input.

 - Gajim ships with a plugin called "plugin installer" which allows a user to
@@ -212,7 +214,7 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
 * Supports importing accounts from Pidgin.
 * No logging, no clickable links.
 * Not audited.
-* Test results in Tails: [[!tails_ticket 8574]]
+* Test results in Tails: tails/tails#8574
 * No OMEMO support.

 ### Thunderbird
@@ -221,7 +223,7 @@ The client must support XMPP conference rooms [(XEP-0045)](https://xmpp.org/exte
  pref: <https://wiki.mozilla.org/Thunderbird:OTR>
 * No OMEMO support: <https://bugzilla.mozilla.org/show_bug.cgi?id=1237416>

-### Tor Messenger ([[!tails_ticket 8577]])
+### Tor Messenger (tails/tails#8577)

 Tor Messenger is no more: https://blog.torproject.org/sunsetting-tor-messenger

@@ -235,7 +237,7 @@ Tor Messenger is no more: https://blog.torproject.org/sunsetting-tor-messenger
  since we are looking for a "Pidgin replacement".
 * It has support for "temporary XMPP accounts" that require no
  registration (no user input!) which would be useful for our support
-  channel (see [[!tails_ticket 11307]]).
+  channel (see tails/tails#11307).
 * Tor Messenger provides Linux packages but is not in Debian :(
 * FWIW: Tor Messenger got 30K USD funding in 2017!
 * FWIW: anonym has been happy using it exclusively for chatting since
@@ -244,9 +246,10 @@ Tor Messenger is no more: https://blog.torproject.org/sunsetting-tor-messenger
  and is meant to be
  [replaced by future improvements in _Thunderbird_'s chat features](http://blog.queze.net/post/2017/10/18/Thunderbird-is-the-next-version-of-Instantbird)
  (although _Thunderbird_'s future is unclear as well). To follow
-  along, subscribe to the [[!mozbug 1409891 desc="meta tracking bug"]]
+  along, subscribe to the [meta tracking bug](https://bugzilla.mozilla.org/show_bug.cgi?id=1409891)
  and the ones it depends on. The _Tor Messenger_ developers
  intend to
  [follow suit](https://lists.torproject.org/pipermail/tor-project/2017-October/001521.html)
  and create a _Tor Communicator_ bundle based on _Thunderbird_, that
  would handle both email and chat.
+