Using kopete with OTR plugin may lead to sending messages unencrypted without notice. Upstream bugs: https://bugs.kde.org/show_bug.cgi?id=274099 https://bugs.kde.org/show_bug.cgi?id=362535 References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827048
Created kopete tracking bugs for this issue: Affects: fedora-all [bug 1346841]
maybe we should disable OTR plugin as a workaround temporary before it's fixed by upstream
That sounds like a good idea. I would definitely not continue to provide this plugin as long as it does not provide reliable encryption.
I personally have a slight preference to not disabloing anything, since the otr plugin does work, just with caveats. How about splitting it out into a subpkg that's not installed by default, and make these currently-known issues with otr prominent in the pkg description? (If that's not agreeable, then I have no objections to fully disabling it)
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.