OTR in Pidgin?

Kevin Stange kstange at pidgin.im
Tue Jan 13 03:30:03 EST 2009


Casey Ho wrote:
> As the survey results indicated, encrypted IM support is as popular as
> VV support [1].
> 
> How do you all feel about including the OTR plugin by default in Pidgin?

There are a few reasons we've historically rejected the inclusion of
such a plugin.  The most prominent is that Pidgin and libpurple have
traditionally made an effort to not transmit to users anything that an
official client would not, so as to assure maximum compatibility with
the server and other clients, unless it can be cleanly detected in
advance which capabilities users have without negative impact.  This is
extended to "magic formatting" features some third party tools use, and
various features that result in gibberish being transmitted in plain
text to users.

We would also then be responsible to choose which implementation of
security we feel is best, and such an endorsement would probably
effectively kill off the efforts of other plugins with other goals.
It's plausible that after internal discussion, for example, we might
find OTR to be the least desirable implementation but the most widely
deployed and be forced to choose between supporting something we don't
like versus something relatively few care to use.  If we are interested
in supporting an encryption plugin, this investigation would need to happen.

Since such plugins are not currently maintained by us, it demands we
adopt a set of developers and force them to comform to our development
cycle and tools, which may not be of interest to them.  I can't imagine
that most our own developers wish to be tasked with maintaining a new
chunk of code they've never previously reviewed.

From my experience with OTR as well, I think it would require a major UI
redesign before I would want to subject our users to it.  Perhaps some
of those shortcomings currently are due to failings of our API, which
could be fixed.

I think it's better to focus on making plugins easier to locate,
distribute and install.  I'm not sure I would want such a heavy plugin
distributed in Pidgin proper that we'd be forced to begin supporting
when there are already other people out there seemingly happy enough to
do it on their own terms.

I know that developers have expressed problems with the designs of some
of the encryption plugins in discussions that have come up before.  I'm
sure they'll pop in with their comments.

Kevin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://pidgin.im/pipermail/devel/attachments/20090113/899902ff/attachment.sig>


More information about the Devel mailing list