MEDIA // Libpurple based IMs

Ethan Blanton elb at pidgin.im
Thu Feb 4 13:54:39 EST 2016


Joseph Cox spake unto us the following wisdom:
> Hey, I'm Joseph Cox, a journalist from VICE's Motherboard.
> 
> I'm writing about the issues with libpurple, and the potential move by
> some people to other chat clients (such as CoyIM).
> 
> Can I ask for Pidgin's comment on the security of its client?

Probably, but we're going to need more information to go on.  What
"issues with libpurple", and what "some people"?

Broadly speaking, we take security seriously and have a reasonable
track record on both number of flaws and addressing those flaws,
particularly given that the libpurple software base is almost two
decades old (and thus suffered from several years of development
before the open source community was particularly clued into many
security concerns).

You may find this interesting:

    https://www.eff.org/secure-messaging-scorecard

Note that Pidgin w/ OTR ticks every checkbox in their survey,
including independent third-party code reviews.  We have been
fortunate to have had the support of several independent teams over
the years, reviewing our code for security and reliability flaws.

If you can give us more to work with, we might be able to provide you
with better information.

Ethan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: Digital signature
URL: <https://pidgin.im/cgi-bin/mailman/private/security/attachments/20160204/5d49721f/attachment.sig>


More information about the security mailing list