[Bug 16891] Telepathy should support OTR encryption

bugzilla-daemon at freedesktop.org bugzilla-daemon at freedesktop.org
Thu May 8 07:21:11 PDT 2014 

https://bugs.freedesktop.org/show_bug.cgi?id=16891

--- Comment #53 from Guillaume Desmottes <guillaume.desmottes at collabora.co.uk> ---
(In reply to comment #46)
> Empathy: http://cgit.collabora.com/git/user/xclaesse/empathy.git/log/?h=otr

Ok for the first commit.

Second commit:

+    tuple = empathy_gdbus_channel_interface_otr1_get_remote_fingerprint (
+        priv->otr_proxy);
I have no idea how these new generated API work, but GVariant API are usually
'return: (transfer full)'  that's not the case here?

+    level = empathy_gdbus_channel_interface_otr1_get_trust_level (
+        priv->otr_proxy);
I guess this returns a cached value (not a blocking call) right? What happens
if the proxy is not ready yet? Aren't we going to treat it as a wrong level and
update it right after?

+        g_variant_get (tuple, "(&s at ay)", &fp, NULL);
What's the 'ay' arg being ignored? Please add at least one comment.

What happens if the user doesn't trust the fingerprint. The communication is
still crypted?

+     N_("/otr <action>: Interact with the Off-The-Record system. Possible
actions are:\n"

Is there a way to check (without changing) the current trust level?

+        g_variant_get (tuple, "(s at ay)", NULL, &fp_variant);

+        empathy_gdbus_channel_interface_otr1_call_initialize (
+            priv->otr_proxy, NULL, NULL, NULL);

How does the user know if the operation succeeded or not? Just wait for the
level update message? I think we should explicitely say if it failed so user
explicitely know the conversation is not "safe".

+        g_variant_get (tuple, "(s at ay)", NULL, &fp_variant);
I think fp_variant is leaked.

chat_command_otr() will crash/assert if one of the D-Bus API failed. Also,
shouldn't we use async API here?

trust_level_to_str(): I'd mention "encrypt using OTR" to be clearer and avoid
confusion my server encryption.

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.

More information about the telepathy-bugs mailing list