Thunderbird 78.x and enabling OpenPGP by default
ben.bucksch at beonex.com
Wed May 27 16:09:36 UTC 2020
On 27.05.20 17:07, Kai Engert wrote:
> On 27.05.20 13:27, Ben Bucksch wrote:
> > To accommodate existing enigmail users, given that Enigmail won't work
> > with 78.0, and avoiding that they fall into a hole, how about enabling
> > at least email decryption and sending? And do that automatically?
> Decryption requires the migration to have been completed correctly.
> Can you please clarify what behavior you have in mind with "sending"?
> We cannot enable encryption unless we have public keys migrated
> properly, and treat signed public keys (signed by yourself) as
> "acceptable for encryption".
I was assuming that the features for sending encrypted mail, decryption,
and import from EnigMail and gpg are working already, but with no or
minimal or suboptimal UI. I imagined that key management UI is complex
and probably something you left for the end. However, if the migration
without UI doesn't work yet either (I don't know the exact status), then
of course my proposal does not work.
> I think we won't yet upgrade 68.x users automatically to 78.x, and
> document the OpenPGP status in the 78 release notes.
Yes, I think the Mozilla updater has the feature to hold back upgrades
for users of a specific extensions.
> So people won't "fall into a hole" unless they upgrade proactively.
Exactly. I'm trying to answer the point raised by Jacques Angevelle, for
people who do upgrade.
With the additional downgrade block for their profiles that is in the
current release, that would make them all into the hole.
> I think we shouldn't enable the feature partially.
Personally, I would:
* Enable the feature much earlier for existing users of Enigmail, and
particularly for those that manually upgrade to 78.
* Prioritize the backend functions including key migration, email
sending and reading (encryption and signing, decryption and verification).
* Put key management UI on the back burner
> > This would be implemented by shiping an "Enigmail" update specifically
> > for 78.x, which does not contain the old Enigmail implementation (which
> > doesn't work anymore), but effectively does nothing but setting the
> > preference to allow PGP email decryption and sending.
> If we consider the feature as not yet ready, it seems risky to
> automatically upgrade all existing Enigmail users, who are expecting a
> stable experience.
Yes, I agree. I didn't mean to propose that.
My proposal is a path for those Enigmail users who manually install
Thunderbird 78.0 upon release, not knowing that PGP doesn't work yet.
> The plan would require that we properly announce that users of
> Enigmail shouldn't yet upgraed to 78.0 but wait a little longer.
Right. But you cannot assume that they read that. Experience shows that
they will not. Either because they didn't see the page where you wrote
it, or they skimmed over it and missed it.
More information about the tb-planning