Hi Felix,

> On 14 jan. 2015, at 00:29, Felix Dreissig <f...@f30.me> wrote:
>
> Hi,
>
> on 22 October 2014, Pidgin 2.10.10 was released, fixing several security
> vulnerabilities. One of those is an arbitrary memory read via XMPP
> (CVE-2014-3698). I can see no indication that Adium might not be vulnerable
> to these issues.

The vulnerability only applies when libpurple is built with libidn support, which Adium 1.5 isn’t.

> The latest release of Adium dates to 19 May 2014 and contains libpurple
> 2.10.9.
> Overall project activity from the outside appears to have diminished: There
> is some commit activity, but the latest post on this mailing list is from
> September and even „Hot issues“ from the website like ticket 16834 rarely get
> someone working on them.
>
> At the same time, Adium still is the common (and only?) solution for OTR on
> OS X and recommended to crypto novices [1] as well as journalists [2] as an
> anti-surveillance tool.
> Is there any specific reason why development has declined or just the usual
> lack of time / people? How likely is this situation to persist? Can you name
> kinds of resources that would improve it and enable the project to get
> traction again?

The Adium project consists of volunteers who work on Adium in their free time. There are only a handful of developers left, and (speaking only for myself) with not as much motivation as before. The best resource to improve traction would obviously be more developers. :)

Best regards,
Thijs