security review and patches for libpurple

Evan Schoenberg evan at adium.im
Mon Jul 18 12:52:33 EDT 2011


On Jul 18, 2011, at 11:14 AM, Ethan Blanton <elb at pidgin.im> wrote:

> Jacob Appelbaum spake unto us the following wisdom:
>>> With that in mind, I'd like to ask again if there are any objections
>>> to my committing these patches to ipp without embargo or a coordinated
>>> release.  If not, I will land them some time tomorrow.  If anyone even
>>> simply thinks we should wait a few days or get additional input before
>>> landing them, that's fine, too.
>> 
>> I would really strongly encourage you to co-ordinate with the Adium
>> folks. It seems to me that they're behind on libpurple updates and any
>> new security releases that don't go into Adium may cause Mac OS X users
>> major trouble.
> 
> I appreciate that input.  There are several Adium developers on the
> security at pidgin.im contact list, so they are in the loop on this

I apologize; I mixed up security threads. I was referring to the IRC whois issue. 

Integration of the larger patch set, which is being applied only against im.pidgin.pidgin as I understand it, will be a somewhat more complicated issue but we will work to make it happen in coordination based on timing for Pidgin's release as it's discussed here. 

-Evan


> 
> Ethan
> _______________________________________________
> security mailing list
> security at pidgin.im
> http://pidgin.im/cgi-bin/mailman/listinfo/security


More information about the security mailing list