Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#7025 closed enhancement (wontfix)

Integrate Python OTR plugin into Gajim by default

Reported by: ioerror Owned by:
Priority: normal Milestone:
Component: None Version:
Severity: major Keywords: otr security privacy
Cc: Blocked By:
Blocking: OS: All

Description

Bug description

When I chat with Adium or Pidgin users, I have to load the OTR plugin manually through the process I outlined in #7024 - I'd really like to have it automagically work if I have the pure Python ( http://python-otr.pentabarf.de/ ) OTR module on my system.

Steps to reproduce

Install Gajim - chat with anyone - no OTR support by default

Software versions

This is current as of Gajim changeset: 13361:edee1e4ca03a

Change History (16)

comment:1 Changed 5 years ago by ioerror

Here's how I managed to get Gajim working with a functional OTR setup:

# Install the pure Python OTR implementation http://python-otr.pentabarf.de/releases/potr/python-potr-1.0.0b2.tar.gz http://python-otr.pentabarf.de/releases/potr/python-potr-1.0.0b2.tar.gz.asc

gpg --verify python-potr-1.0.0b2.tar.gz

You should see something like this:

gpg: Signature made Tue 30 Aug 2011 11:19:00 AM PDT using DSA key ID BC74B598 gpg: Good signature from "Kjell Braden <afflux@…>" gpg: aka "Kjell Braden <fnord@…>" gpg: aka "Kjell Braden <fnord@…>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 3B4A FE5C DFF1 6CE4 95B2 6FF4 363B CA1A BC74 B598

Now unpack and install it:

tar -xvzf python-potr*.tar.gz cd python-potr-1.0.0b2 sudo python setup.py install

Now install Gajim:

hg clone http://hg.gajim.org/gajim gajim cd gajim ./launch.sh # navigate to plugins # enable plugin installer # install OTR plugin # ... # profitH crypto!

I'd prefer if all of those steps were reduced to './launch.sh' and depend on potr's python module being available.

comment:2 Changed 5 years ago by asterix

  • Resolution set to wontfix
  • Status changed from new to closed

by "all those step" you mean the half-line

navigate to plugins # enable plugin installer # install OTR plugin

If all plugins are enabled by default, it's no more a plugin system. A user that doesn't use OTR don't need to install it.

comment:3 Changed 5 years ago by ioerror

I'm suggesting that OTR being shipped by default is important. It's part of why Adium is so popular on Mac OS X and Pidgin is so popular on Linux. It's a critical security component and it's really useful when it's able to work opportunistically. The same is true for the other security technologies included with Gajim such as TLS, SSL, E2E, OpenPGP, etc.

In any case, it wouldn't be useful without the 'import potr' line - so I believe the other steps are still required.

comment:4 follow-up: Changed 5 years ago by asterix

maybe beacause all thos security things are integrated in XMPP, but OTR is not?

After that, it's a packager job to include or not a plugin in its distribution.

comment:5 in reply to: ↑ 4 Changed 5 years ago by ioerror

Replying to asterix:

maybe beacause all thos security things are integrated in XMPP, but OTR is not?

OTR provides security that XMPP cannot provide at this time.

After that, it's a packager job to include or not a plugin in its distribution.

Well, OpenPGP and E2E is part of the client - one is a standard and the other is not. OTR should be. All three are really useful. :)

comment:6 Changed 5 years ago by ioerror

I think it's nice that someday soon, we'll probably see OTR in XMPP ( http://lists.cypherpunks.ca/pipermail/otr-dev/2011-August/001192.html ) but I really believe that it's reasonable to enable it by default. Many many other clients have done so and it's the reason that some people use those clients at all.

comment:7 follow-up: Changed 5 years ago by asterix

OpenPGP and E2E both have a XEP, not OTR. To have it in Gajim package or not is not a Gajim issue, once again it's a packager issue. So I suggest you fill a bug report to your distribution packager once the package will be released.

Moreover this plugin is not developped by Gajim developpers. It's a nice and usefull contribution from Kjell Braden, so we won't include it in gajim tarball.

comment:8 in reply to: ↑ 7 Changed 5 years ago by ioerror

Replying to asterix:

OpenPGP and E2E both have a XEP, not OTR. To have it in Gajim package or not is not a Gajim issue, once again it's a packager issue. So I suggest you fill a bug report to your distribution packager once the package will be released.

Ok. I think that is similar to model to pidgin and pidgin-otr packages. I understand the reasoning.

Moreover this plugin is not developped by Gajim developpers. It's a nice and usefull contribution from Kjell Braden, so we won't include it in gajim tarball.

I talked directly with him and he would probably very much appreciate it being included.

comment:9 Changed 5 years ago by asterix

I'll do that when packaging for windows and debian.

comment:10 Changed 5 years ago by Dicson

We will have first non-working plugin out of the box. A good solution.

comment:11 Changed 5 years ago by Dicson

hmm. I try this plugin again and it works now

comment:12 Changed 5 years ago by afflux

It would be possible to redistribute gajim with the gotr plugin shipped (by putting the gotr directory in gajim/plugins/) and enabled:

--- gajim/src/common/config.py	2011-11-06 22:45:04.000000000 +0100
+++ gajim-r13372/src/common/config.py	2011-11-06 23:36:26.000000000 +0100
@@ -743,3 +743,5 @@
             self.add_per('defaultstatusmsg', status)
             self.set_per('defaultstatusmsg', status, 'enabled', default[0])
             self.set_per('defaultstatusmsg', status, 'message', default[1])
+        self.add_per('plugins', 'gotr')
+        self.set_per('plugins', 'gotr', 'active', 'True')

This would not modify systems where the plugin was disabled before, but enable it on configurations where it was not installed before as well as on new configurations.

comment:13 Changed 5 years ago by ioerror

I think that's a great idea - can you ensure that you also ship the potr python module?

If so, I think this is great news!

comment:14 Changed 5 years ago by asterix

I'll put it in windows installer, because we embed python gtk and everything, but I won't include it in any linux package, the correct way to go is to suggest installing python-potr (which doesn't exist yet). So not sure it worth including the plugin until port is packaged for debian.

comment:15 Changed 5 years ago by ioerror

I'd say that any gajim debian/ubuntu package should just depend on future to be created 'python-potr' - it sounds like the Windows bundle will Do The Right Thing by default.

Thank you!

comment:16 Changed 5 years ago by asterix

I'd rather say that windows installer is the only one that does NOT do the right thing: shipping every dependency with every software is really not a good solution. imagine you have 10 programs using GTK+ library, you have 10 GTK+ installed on your system ... But as it's really not easy to install Gajim + all dependancy without shipping them in the installer ...

Note: See TracTickets for help on using tickets.