On Fri, Feb 10, 2017 at 10:20:22AM +0200, Joonas Kylmälä wrote:
> Package: hexchat-otr
> Severity: normal
 
I think this should be severity:important. If encryption is not working as
expected, this has a major impact on the privacy of the user of this package…

> I was using the hexchat OTR plugin. After connected with a person via
> OTR the messages were sent encrypted just fine but then I decided to
> use IRC's /ME command and send a message with that and the message was
> not encrypted with OTR. There was no warning about that the message
> would have been sent unecrypted and some confidential information
> could have leaked. If it is not possible to encrypt /ME messages with
> OTR maybe there is possibility to give a warning to the user before
> sending the message?

It is surely possible to encrypt "/me"-messages with OTR.
Funnily irssi-plugin-otr (or was it pidgin-otr) once had the same bug and it
got fixed.


-- 
cheers,
        Holger

Attachment: signature.asc
Description: Digital signature

Reply via email to