the first link referring to another project called Briar and its laterally sucks why?
1- it supporting only android which Ricochet itself wasnt made for any phone platform.
2- it doesnt even mention where did they do any progress to Ricochet
3- not inside Debian package nor i think will be in the soon time
second link is not much helping as the first link (and S-rah has no idea what does it mean its not maintained anymore)
so these my opinions , in Conclusion Ricochet is BAD to be installed by default inside whonix.
there r alot of cool apps built on matrix going to come by debian packages on buster. so i think waiting to that time is the only way to go for now atm.
but Debian philosophy through this subject it cant be ours why?
because our distro is anonymity focused not compatibility problems (only). so giving this time to the app and just trusting Debian pointview on its components that doesnt mean our product is safe. anonymity needs active projects and fix and upgrades the issues with nonstop (even if its taking long time in the fixation process). but being zero active project with no improvements to any tickets = run away for ur life if u r searching for anonymity.
so maybe the app still working on debian and compatible with its distros versions but that doesnt mean its safe and good decision to keep using it.
the problem of which i think no body studied the effect of it, Ricochet considering each client as hidden service but Ricochet last support is to Tor version 0.2.5 and by default now whonix support 0.3.x. so im not sure on which version of onioning its going to create, is it the v2 or v3 ? also there r many fixes to Tor for hidden services from v0.2.x to 0.3.x.
in conclusion, Ricochet is great app with Tor but its only were continued …
i suggest to check Matrix there is too many users migrating to it. (as also Tox chat no more supporting Debian…)
The problem with this 0day argument its fatalistic and there is no way to verify it. There is are always 0days in the kernel too but that doesn’t mean we should abandon all hope and stop developing?
Understand ricochet is also written in memory safe python (though migrating to Go) and written with security in mind. There are many other base Debian packages that are not. If there is something that’s a weaker link its probably something else.
Worst case scenario it won’t affect anyone who doesn’t run it and so I wouldn’t consider it affecting “all Whonix users”
Matrix is interesting but can you suggest a desktop client already packaged for Debian?