EFF Moan about libpurple logging

Peter Lawler bleeter at gmail.com
Wed Jan 4 03:00:51 EST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/01/12 17:33, Ka-Hing Cheung wrote:
> On Tue, 2012-01-03 at 20:05 -0800, Zachary West wrote:
>> On Tuesday, January 3, 2012 at 07:57 PM, Kevin Stange wrote:
>>> On 01/03/2012 09:08 PM, Peter Lawler wrote:
>>>> Hi!
>>>> For those who may not be watching Twitter....
>>>>
>>>> https://twitter.com/EFF/status/154394005940088832
>>>>
>>>> 'Tell @pidginIM and @adium: ask users whether they want to log
>>>> chats,
>>>> don't just turn it on'
>> But, specifically OTR chat, we Adium
>> supports natively (and Pidgin requires a plugin) so I guess they split
>> the difference and tweeted about logging in general.
> 
> The ORT plugin can just disable logging for the conversation that OTR is
> negotiated? It seems like that would be a better idea that way.

OTR does already do this with Pidgin, however there are 'issues' with
this, which are related to my interest in the necessity of a privacy
re-write - plugins can log independently
https://www.guifications.org/issues/694

Whilst I don't think it's possible to completely close this hole, I do
think that it should be one aim of a privacy API rewrite to expose some
form of per-user logging API otherwise plugin authors need to know about
any other plugin that may have a passing interest in logging. Not only
is the current 'method' unwieldy, it's completely impractical. Don't
quote me, but I also think this relates to commentary that's been kicked
around about (iirc) OTR messages being passed around dbus in the clear
(I've not checked this more deeply yet, hence my hesitation in stating
this as 'fact')

A quick and dirty hack may be just a couple of lines, a less quick and
nasty hack may have something like command line options so one can
redirect per-buddy logs at startup to /dev/null. But I think all that's
probably best handled more deeply in a privacy-rewrite, or logging
specific, thread.

On 04/01/12 14:57, Kevin Stange wrote:
> Who controls @pidginIM, anyway?
No idea. I'm kinda happy to offer to look after it, on the other hand I
wouldn't mind seeing pidgin.im run a status.net for it's registered
developers/CPWs and feed 'official' Twitter/Facebook/G+/Diaspora et al
announcements from there. That's also probably a discussion for another
thread ;) My 2c.

Pete.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJPBAcwAAoJEPg1U/6F+I2EJ6gH+wdhthu0saL20usezFAczmzm
v6V1brVWAOLAa/k1e+VrNI9WMA17jUFCueLLefb9fFlkPGJyYvSaTR2cfPyYvmaI
f/3OzulxZofslXAEgXJOiu/RrQBK+hmr1zJeOyYcH32IYmrmXFgNqdC7YO+CaRVk
fZLxidYkzdDxq76u4Zj873HlWJML1fyNg/UXbN3Gumy3/aQH3eJOrS/f5+vkS8Sy
g7/PAlNhYM0iRh71HNBf+jLh7imzXy7WPD+/t1+1yDQReJDKQGRLavgSp2sjLpqM
Lnt2JU+dbp88BpIloYrzQDe13ilCVEPmvS8LaUdMrvbx0d80foZl1Js/n85JBxk=
=/zTz
-----END PGP SIGNATURE-----




More information about the Devel mailing list