Another round of paid work for Tomasz?

Mark Doliner mark at
Thu Dec 5 03:58:25 EST 2013

As you may remember (see email thread "Paying Tomasz Wasilczyk for
security improvements"), earlier this year Google donated $10,000 USD
to IMF with the funds earmarked to sponsor Tomasz to work on mostly
security improvements, with the specifics changes left at our

I think we haven't sent an update about this anywhere. Sorry--we
should. It did happen. We received the donation, we paid Tomasz and he
did some work. For example, one of the larger chunks of work is that
he finished the master password branch and merged it into main, to be
released in 3.0.0.

(Tomasz: Could you maybe send us a short list of the changes you've
made? Like, high-level functionality changes or security problems

Our contact at Google tells us that they would again like to donate
some money earmarked for further work by Tomasz. He didn't mention the
amount. I've been assuming another $10,000, but I suppose it could
quite possibly be less. I'm guessing probably not more. Again the
exact set of changes are left at our discretion. Tomasz came up with
an initial list that I pasted to the bottom of this email.

Unfortunately they would like to donate quite soon. So soon that we
don't have time to do a formal vote and give them an absolute yes or
no. I'd like to take an informal poll on whether this is something
we're likely to approval again.

Here's what I'm thinking:
- Google donates some amount of money again. I'll ask our contact to
limit it to no more than $10,500, for the sake of this discussion so
we have an upper-bound in mind for the amount. This would happen
probably within the next 2 weeks.
- We/Pidgin devs/Adium devs decide on a semi-fixed list of tasks for
Tomasz to work on. Hopefully by the end of this month.
- We transfer the donation amount to Tomasz (minus PayPal fees) and he
does his thing.

Does this seem like a reasonable plan? As a board member, is this
something you're likely to vote in favor of? (This is NOT a binding
vote... just trying to get a sense for how people feel so I can tell
our Google contact.)

Here's the initial list of work that Tomasz came up with:
- rewrite chat log backend and frontend
  * with a possibility to encrypt these logs
  * details at [1]
- better xmpp protocol support
  * especially GTalk/hangouts dialect (two step verification,
    voice and video)
  * grab some ideas from [2]
  * some details at [3]
- polishing 3.0.0
  * fixing all regressions from 2.x.y (Tomasz already fixed a lot of them,
    but there are still many more)
  * fixing things and polishing after this year's GSoC branches merge
  * cleaning up random tickets - there are around 3000 open tickets
    (not directly related to 3.0.0)
- win32 related fixes
  * making cross-compilation (for 3.0.0) *and* full build possible
    (goal: prepare a OBS [] build which results in
    complete offline installer produced)
  * Voice and Video support (Tomasz already did some effort for this, but
    it's still unstable)
- a help for Adium team to implement a libpurple3 release
  (Tomasz hasn't contacted them yet)


Board mailing list
Board at

More information about the Discussion mailing list