[jitsi-users] sensible data in log files ... OpenSSL.... Jitsi


#1

FYI and heads up

http://www.pro-linux.de/news/1/21108/comm/1/show-all-comments.html

In the post of "Von Herzlos am Mi, 21. Mai 2014 um 16:24 #"
Jitsi is mentioned as another OSS (the article is about OpenSSL) that
saves sensible information in log files. As example listed is Jabber
detection during debugging. The posts ends with: "And of course this
should not happen."


#2

Jabber IDs are stored locally for a bunch of reasons, including the
possibility to show contacts when offline, set custom display names,
cache photos, group contacts.

Complaining about the fact that they also appear in logs sounds like
irresponsible hand waiving to me.

···

On Thu, May 22, 2014 at 10:20 AM, rsnewsbox <rsnewsbox@googlemail.com> wrote:

FYI and heads up

http://www.pro-linux.de/news/1/21108/comm/1/show-all-comments.html

In the post of "Von Herzlos am Mi, 21. Mai 2014 um 16:24 #"
Jitsi is mentioned as another OSS (the article is about OpenSSL) that
saves sensible information in log files. As example listed is Jabber
detection during debugging. The posts ends with: "And of course this
should not happen."

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org


#3

Thanks, Emil, for the clarification!

I would have been surprised if there was not a valid reason for it,
with all the efforts you put in to protect privacy in Jitsi.

Therefore the heads up what's circulating out there...

Keep up the great work. It's amazing what you guys have created over time!
I just hope there will be less pressure for your team to be able to
pick up the Android app development again.
I can't find any XMPP app at all offering voice and video chats, not
to mention the security features of Jitsi.

All the best!

···

On Thu, May 22, 2014 at 8:33 PM, Emil Ivov <emcho@jitsi.org> wrote:

Jabber IDs are stored locally for a bunch of reasons, including the
possibility to show contacts when offline, set custom display names,
cache photos, group contacts.

Complaining about the fact that they also appear in logs sounds like
irresponsible hand waiving to me.

On Thu, May 22, 2014 at 10:20 AM, rsnewsbox <rsnewsbox@googlemail.com> wrote:

FYI and heads up

http://www.pro-linux.de/news/1/21108/comm/1/show-all-comments.html

In the post of "Von Herzlos am Mi, 21. Mai 2014 um 16:24 #"
Jitsi is mentioned as another OSS (the article is about OpenSSL) that
saves sensible information in log files. As example listed is Jabber
detection during debugging. The posts ends with: "And of course this
should not happen."

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users


#4

Thanks very much for your kind words!

···

On Thu, May 22, 2014 at 11:25 AM, rsnewsbox <rsnewsbox@googlemail.com> wrote:

Thanks, Emil, for the clarification!

I would have been surprised if there was not a valid reason for it,
with all the efforts you put in to protect privacy in Jitsi.

Therefore the heads up what's circulating out there...

Keep up the great work. It's amazing what you guys have created over time!
I just hope there will be less pressure for your team to be able to
pick up the Android app development again.
I can't find any XMPP app at all offering voice and video chats, not
to mention the security features of Jitsi.

All the best!

On Thu, May 22, 2014 at 8:33 PM, Emil Ivov <emcho@jitsi.org> wrote:

Jabber IDs are stored locally for a bunch of reasons, including the
possibility to show contacts when offline, set custom display names,
cache photos, group contacts.

Complaining about the fact that they also appear in logs sounds like
irresponsible hand waiving to me.

On Thu, May 22, 2014 at 10:20 AM, rsnewsbox <rsnewsbox@googlemail.com> wrote:

FYI and heads up

http://www.pro-linux.de/news/1/21108/comm/1/show-all-comments.html

In the post of "Von Herzlos am Mi, 21. Mai 2014 um 16:24 #"
Jitsi is mentioned as another OSS (the article is about OpenSSL) that
saves sensible information in log files. As example listed is Jabber
detection during debugging. The posts ends with: "And of course this
should not happen."

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

_______________________________________________
users mailing list
users@jitsi.org
Unsubscribe instructions and other list options:
http://lists.jitsi.org/mailman/listinfo/users

--
https://jitsi.org