[jitsi-dev] Two Problems


#1

Hey everyone,

I was looking into secure alternatives to Skype when I came across
Jitsi. I have one question and one complaint.

First off, the question. I downloaded the stable version of Jitsi (2.2)
on OS X. After launching it, it then downloaded a newer version (2.3).
My question is, did it get that update from the alpha branch, or is
there a stable version that has not been posted to the website? Either
way, there's an issue.

As for my complaint, when I signed up for this mailing list, I got a
'Welcome to the "dev" mailing list' email that displays my password in
clear text. I consider this completely unacceptable considering your
software is supposed to be (in part) about security. It makes me lose
faith in your product, and should be corrected as soon as possible.

Sorry for the negativity, but if you can't get passwords and updates
right, how can I trust you guys with my privacy/security?

···

--
PGP Key: http://http-keys.gnupg.net/pks/lookup?op=get&search=0xAE38B2594982DA4A


#2

Hey Michael,

Hey everyone,

I was looking into secure alternatives to Skype when I came across
Jitsi. I have one question and one complaint.

First off, the question. I downloaded the stable version of Jitsi (2.2)
on OS X. After launching it, it then downloaded a newer version (2.3).
My question is, did it get that update from the alpha branch, or is
there a stable version that has not been posted to the website? Either
way, there's an issue.

Indeed, there seems to be an issue with the DMG updates. We'll be fixing it shortly. Thanks for the note!

As for my complaint, when I signed up for this mailing list, I got a
'Welcome to the "dev" mailing list' email that displays my password in
clear text. I consider this completely unacceptable considering your
software is supposed to be (in part) about security. It makes me lose
faith in your product, and should be corrected as soon as possible.

Note that what you are describing is standard GNU Mailman practice and has really nothing to do with Jitsi.

That said, let's not take things out of context. This is a subscription to a public mailing list. There is no private information there. The worst that could happen if someone knew your password would be to unsubscribe you. The point of such an attack would be quite limited though, given that the list archives are public.

Again, if you think this is a problem, I encourage you to take the issue up with the GNU Mailing List Manager project:

http://www.gnu.org/software/mailman/

Sorry for the negativity, but if you can't get passwords and updates
right, how can I trust you guys with my privacy/security?

If you believe that there's any relation between Jitsi updates, Mailman and the privacy of your conversations, then don't.

Emil

···

On 18.06.13, 07:49, Michael LaCorte wrote:

--
https://jitsi.org


#3

Hi,

the issue with dmg updates is now fixed. Thanks for the report!

Regards
damencho

···

On Tue, Jun 18, 2013 at 9:58 AM, Emil Ivov <emcho@jitsi.org> wrote:

Hey Michael,

On 18.06.13, 07:49, Michael LaCorte wrote:

Hey everyone,

I was looking into secure alternatives to Skype when I came across
Jitsi. I have one question and one complaint.

First off, the question. I downloaded the stable version of Jitsi (2.2)
on OS X. After launching it, it then downloaded a newer version (2.3).
My question is, did it get that update from the alpha branch, or is
there a stable version that has not been posted to the website? Either
way, there's an issue.

Indeed, there seems to be an issue with the DMG updates. We'll be fixing
it shortly. Thanks for the note!

As for my complaint, when I signed up for this mailing list, I got a

'Welcome to the "dev" mailing list' email that displays my password in
clear text. I consider this completely unacceptable considering your
software is supposed to be (in part) about security. It makes me lose
faith in your product, and should be corrected as soon as possible.

Note that what you are describing is standard GNU Mailman practice and has
really nothing to do with Jitsi.

That said, let's not take things out of context. This is a subscription to
a public mailing list. There is no private information there. The worst
that could happen if someone knew your password would be to unsubscribe
you. The point of such an attack would be quite limited though, given that
the list archives are public.

Again, if you think this is a problem, I encourage you to take the issue
up with the GNU Mailing List Manager project:

http://www.gnu.org/software/**mailman/<http://www.gnu.org/software/mailman/>

Sorry for the negativity, but if you can't get passwords and updates

right, how can I trust you guys with my privacy/security?

If you believe that there's any relation between Jitsi updates, Mailman
and the privacy of your conversations, then don't.

Emil

--
https://jitsi.org

______________________________**_________________
dev mailing list
dev@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/**mailman/listinfo/dev<http://lists.jitsi.org/mailman/listinfo/dev>