Thunderbird 78.x and enabling OpenPGP by default
kaie at kuix.de
Wed May 27 15:07:11 UTC 2020
On 27.05.20 13:27, Ben Bucksch wrote:
> To accommodate existing enigmail users, given that Enigmail won't work
> with 78.0, and avoiding that they fall into a hole, how about enabling
> at least email decryption and sending? And do that automatically?
Decryption requires the migration to have been completed correctly.
Can you please clarify what behavior you have in mind with "sending"? We
cannot enable encryption unless we have public keys migrated properly,
and treat signed public keys (signed by yourself) as "acceptable for
I think we won't yet upgrade 68.x users automatically to 78.x, and
document the OpenPGP status in the 78 release notes. So people won't
"fall into a hole" unless they upgrade proactively.
I think we shouldn't enable the feature partially. I think that would be
even more confusing to understand why some things work and others don't.
> This would be implemented by shiping an "Enigmail" update specifically
> for 78.x, which does not contain the old Enigmail implementation (which
> doesn't work anymore), but effectively does nothing but setting the
> preference to allow PGP email decryption and sending.
If we consider the feature as not yet ready, it seems risky to
automatically upgrade all existing Enigmail users, who are expecting a
> Every one of the
> Enigmail users need that.
They don't need it yet. They will need it when TB 68.x goes end-of-life
with no more security fixes, which will be after 78.3 is released. By
then, we should be able to enable OpenPGP in 78 by default.
> This update avoids that every one of those
> users needs to discover that their email is broken (or even that they
> accidentally send unencrypted emails!) and manually search for the
> preference. It avoids that Enigmail users are broken by 78.0.
The plan would require that we properly announce that users of Enigmail
shouldn't yet upgraed to 78.0 but wait a little longer.
More information about the tb-planning