On January 15, 2015 1:20:22 PM EET, Cathal Garvey <cathalgarvey@cathalgarvey.me> wrote:
If the server code were open, how would you know the server was
actually
running that code anyway? Having the protocol documented so thoroughly
makes the task of writing an alternative server trivial if
time-consuming. I'd obviously prefer the server were AGPL, and I hope
someone will write an AGPL'd server and federation.
For now though, the client is open source, the crypto doesn't suck, the
UX is excellent, and the threat model is pretty transparent. I'm
*never*
going to inflict PGP on friends, but I'll happily inflict this on them.
Since this is mostly for synchronous communication, you can inflict jabber+otr, which has all the benefits you mention
above.