Hi Tomasz,

Tomasz Buchert writes:
> it seems unlikely that we will be able to fix this for stretch. This
> would require a new package upload and this is already a
> no-go. Personally I think that forking libstrophe in the first place
> was not a great idea, but I may lack some context.

Ok, is there no policy to allow a new package upload if it fixes a serious security issue?

> I don't know what will be the best to proceed. Maybe we can clearly
> specify in the manpage/--help/during-the-first-run that profanity does
> not verify cert chains and the user is responsible for providing a safe
> channel, via SSH tunnel or similar, for example?

Sounds good. Are there plans then to package libmesode? An updated profanity that is built against libmesode could then be provided in Stretch Backports.

Best regards,
Wolfgang

-- 
Website: https://fossencdi.org
OpenPGP: 0F30 D1A0 2F73 F70A 6FEE 048E 5816 A24C 1075 7FC4
Key download: https://wiedmeyer.de/keys/ww.asc