Comment 1 for bug 308060

MIR looks good, thanks, a couple of points worry me though.

= Security =

# Does not directly process binary or structured data such as video, sound, or pdf
this directly contradicts:
# Would have network activity inasmuch as it handles network traffic for MSN chats, which includes receiving incoming files over chat.

I think this is a typical security sensitive lib, exposed to network data, with buffers, string parsing, marshalling / unmarshalling of network data into objects etc.

This risk is probably largely alleviated by the fact that it should communicate mostly with MSN servers, but msn/p2p.cpp let's me think there are also user to user connections.

I propose that we ask at least for a quick look from a security person; perhaps we can also enable some stronger hardening flags for this particular package?

= IP =

I don't think the MSN protocol is an open standard; I understand it was reverse engineered. I guess this is ok for interoperability, but deserves a mention in the MIR.

I also wonder about usage of the name libmsn; gaim at to be renamed because of TM issues. I guess this is an upstream problem and we will rename if we get asked to.