Re: proposed removal of Enigmail from jessie/LTS

2019-01-22 Thread Daniel Kahn Gillmor
On Tue 2019-01-22 14:44:50 -0500, Antoine Beaupré wrote: > I'm not sure we should remove *both* enigmail and thunderbird from > jessie. I understand there are problems with the a.m.o version, but then > that's somewhat outside of scope of LTS. It would seem rather unfair for > users of thunderbird

Re: proposed removal of Enigmail from jessie/LTS

2018-12-20 Thread Daniel Kahn Gillmor
fwiw, i agree with jmm that encouraging users to upgrade to stable is the best outcome here. The question is, what are we doing to the folks who (for whatever reason) can't make that switch. On Thu 2018-12-20 17:01:30 +0100, Moritz Mühlenhoff wrote: > If suddenly all kinds of core libraries are g

Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

2018-12-19 Thread Daniel Kahn Gillmor
First off, thanks to Antoine not only for doing all this work for jessie, but for helping out with getting stretch in better shape. If we aim to support our users for an LTS distro, this is exactly the sort of thing we need done. If we're realistically talking about actually dropping support for

Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

2018-12-18 Thread Daniel Kahn Gillmor
On Tue 2018-12-18 14:34:06 +0100, Emilio Pozuelo Monfort wrote: > FWIW I see that Ubuntu added OpenPGP.js back, and is using gnupg 2.0.x > in trusty. sounds fairly dubious to me, see below: > We ruled that out because supporting gnupg 2.0.x is unfeasible or GnuPG 2.0.x is unsupported upstream, h

Re: HEADS UP: upcoming change to libgcrypt and other gnupg libraries for Enigmail backport

2018-12-14 Thread Daniel Kahn Gillmor
On Fri 2018-12-14 09:26:50 -0500, Antoine Beaupré wrote: > I have outlined the tradeoffs of this in the past. For me, the biggest > concern is that users will blindly install Enigmail from the app store > and that actually has security vulnerabilities because the jessie gpg > version is too old, as

Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-23 Thread Daniel Kahn Gillmor
Anarcat, thanks for continuing to push on this, it's really appreciated! On Thu 2018-11-22 10:54:41 -0500, Antoine Beaupré wrote: > I was hoping publishing the test package would trigger some feedback; it > didn't. While I can do some tests of my own, the surface area of this is > so vast that it

Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-20 Thread Daniel Kahn Gillmor
On Tue 2018-11-20 15:47:00 +, Ben Hutchings wrote: > On Tue, 2018-11-20 at 10:28 -0500, Antoine Beaupré wrote: >> On 2018-11-20 15:19:45, Ben Hutchings wrote: >> > On Mon, 2018-11-19 at 15:48 -0500, Antoine Beaupré wrote: > [...] >> > > I think this is overengineered. I still haven't heard exac

Re: the way to enigmail: gnupg 2.1 backport considerations

2018-11-13 Thread Daniel Kahn Gillmor
On Mon 2018-11-12 15:16:39 -0500, Antoine Beaupré wrote: > * libgcrypt20 (part of GnuTLS, 1.6 -> 1.7) libgcrypt is not a part of GnuTLS. GnuTLS has used nettle instead of gcrypt for years. gcrypt is more properly "part of GnuPG" than anything else. basically, all of these libraries are gnupg

Re: updates on the gnupg/enigmail/thunderbird/firefox situation

2018-11-06 Thread Daniel Kahn Gillmor
On Tue 2018-11-06 10:08:26 -0500, Antoine Beaupré wrote: > i think it should be possible to do a) - as "gpg2" of course. it would > require modifications to enigmail to call that binary instead of legacy > 1.4, but it might just work without breaking too much stuff as people > probably don't rely o

Re: updates on the gnupg/enigmail/thunderbird/firefox situation

2018-11-06 Thread Daniel Kahn Gillmor
On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote: > 5. backport the required GnuPG patchset from stretch to jessie fwiw, i don't see how this is going to work, since jessie has only gpg 1.4.18 and 2.0.26 -- modern enigmail requires gnupg 2.0.14 at least, so that rules out the 1.4 series.

Re: updates on the gnupg/enigmail/thunderbird/firefox situation

2018-10-30 Thread Daniel Kahn Gillmor
thanks for this thinking and testing and analysis, anarcat! On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote: > The result will be that users will run an outdated version (if they > don't notice the package's removed or the announcement) the version of enigmail in debian jessie i believe s

Re: [Pkg-mozext-maintainers] Enigmail in Wheezy-LTS

2016-06-23 Thread Daniel Kahn Gillmor
On Thu 2016-06-23 13:43:20 -0400, Guido Günther wrote: > I opted for just rebuilding the existing enigmail 1.8.2 in wheezy with a > fixed mozilla-devscripts (which does not create an erroneous Breaks:) > instead of updating to 1.9.3 so we cause as little upgrade problems as > possible. 1.8.2 seems

Re: [Pkg-mozext-maintainers] Enigmail in Wheezy-LTS

2016-05-27 Thread Daniel Kahn Gillmor
Hi Guido-- On Fri 2016-05-27 07:16:40 -0400, Guido Günther wrote: > I'm currently looking into updating Icedove in Wheezy-LTS to the esr > version 45[1]. thanks for your work on this! > Since Enigmail is an often used extension I wanted to update this to a > compatible version as well (as was don