Using Gajim in Tails
The Tails Project is looking to replace Pidgin as their default messenger.
Here's their blueprint: https://tails.boum.org/blueprint/replace_Pidgin/
As you can see, Gajim is listed as a candidate for an alternative messenger.
As part of this alternative messenger evaluation, it was said that
it would be nice to have info on the blueprint (for the main canditates) about :
underlying technologies being used such as: UI toolkit, which matters for accessibility, touch and Wayland support (e.g. in the not so distant past we did things like adding QT4 apps and now that's technical debt we have to deal with) programming language (i.e. is it memory safe? is it something statically compiled and if it is, how are security updates managed?) any chance it works with Flatpak/Portals or similar sandboxing technologies? envisioned update model (i.e. in Debian?) for multi-protocol clients, compatibility with modern mobile messaging (or lack thereof, or realistic plans for it) project status and long-term viability which other OS ships it by default
I'm not saying we have to research all this for all candidates right now: looking at one or two of these criteria might be enough to drop some software from the list of candidates :)
At some point we'll need to look at UX (e.g. desktop integration, how OTR and similar are integrated) too but the above technical criteria are easier for devs to document, and if we can drop a candidate or too this way, less UX evaluation work will be needed.
Any chance one of the gajim devs could answer these questions and either put the answers in this issue or in the Tails issue here? https://labs.riseup.net/code/issues/11686
Also, please let us know if there were any incorrect statements made in the blueprint:
XMPP client in Debian with plugins for OTR and OMEMO (Signal-like, XEP-0384) but no IRC. Tickets were created and rejected some time ago (#7868 (closed) and #11541) but might be worth reconsidering after updating this blueprint (#11686).
People from Security-in-a-Box have used it successfully in Tails.
Gajim ships with a plugin called "plugin installer" which allows a user to download new plugins. This sounds suspicious for security, because plugins are pieces of code running with full privilege. The implementation in Debian use unverified TLS connection, which is very very open to MITM. The development version has switched to verified HTTPS connection and is trying to make it more robust. However, I think that Tails should not ship this plugin at all: it allows a user to download code without needing sudo. We could work debian-side to separate gajim-plugininstaller in a separate package so that Tails can choose not to install it?
I couldn't find a ticket related to verified TLS when I searched for it: https://dev.gajim.org/gajim/gajim/issues?scope=all&utf8=%E2%9C%93&state=closed&search=verified+tls
Is this still only in the development version of Gajim, or has it been moved to the main version? Does anyone have the ticket number so that I can keep up with the progress of this change?
I know that the plugin instaler issue was discussed in the Whonix issue here: #8651 (closed)
It was said:
Plugins are just python modules and they run with the same privilege Gajim runs. But you dont have to ship the plugin installer. you can just pick your plugins from the plugin repo here on gitlab and put them after install into usr/share/gajim/plugins. then you just pack plugins you trust.
Perhaps this would work for Tails as well, but I'm assuming that they'd rather only deal with Debian's repos instead of Gajim's gitlab repos. Would making gajim-plugininstaller a seperate package in Debian be something that Gajim would be willing to do if Tails requested this?