Replace Pidgin
For now, we’re doing all easy things we can to make Pidgin safer in Tails (AppArmor confinement, shipping support for only a couple protocol), so the current situation is not that scary, but people I trust say it’s riddled with security issues.
It would be good to have a long term plan to replace Pidgin with something safer, without losing the functionality we need.
Blueprint: https://gitlab.tails.boum.org/tails/blueprints/-/wikis/replace_Pidgin
Subtasks
-
Can we stop including an IRC client by default? (#15816 - closed) -
Replace Pidgin: refine blueprint (#11686 - closed) -
Check if/how candidate IM clients match our requirements -
Evaluate candidate clients and end-to-end encryption: -
Check Dino and Gajim wrt. security [intrigeri] -
Test clients -
Dino (on Buster: dino-im/buster-backports
; on Bullseye:dino-im/bullseye-backports
) -
Gajim - What to test
- OMEMO
- OMEMO-encrypted group chat (not a requirement, but would be nice to have)
- Optionally, interoperability with mobile XMPP clients
-
-
-
Choose a new IM client -
Integrate this new IM client -
Persistence -
Automated tests -
Documentation -
Consider confining the new client with AppArmor
-
-
Document how users can add IRC support back the... (#18052) -
A few months later (to give time for communities to migrate from OTR to OMEMO): remove Pidgin
Related issues
- Blocks Wayland (#12213 - closed) (the only X.Org specific bits remaining in our test suite are about Pidgin)
Edited by intrigeri