I have released Enigmail v2.0.7 for Thunderbird version 52/60 and
SeaMonkey 2.46 and newer.
Changes
===
This release addresses several critical security bugs:
* Spoofing of Email signatures I (CVE-2018-12020) [1]:
GnuPG 2.2.8 fixed a security bug that allows remote attackers to spoof
arbit
Qubes OS has a feature called Split GPG where you can keep your email
client in one VM and your gpg keyring in another VM (without network
access, for example). If you're using it with Thunderbird and Enigmail,
you basically just have to configure Enigmail to make calls to
/usr/bin/qubes-gpg-client
On 14.06.18 00:39, Micah Lee wrote:
[...]
> So my question is, is it safe for split GPG to simply ignore the
> --log-file argument altogether? Or does Enigmail try to do something
> with that log file later on, and things will break if it's not there?
From what we know *currently* it seems OK to