[Pkg-mozext-maintainers] Bug#909000: Enigmail 2.0 needed in Stretch after Thunderbird 60 upload

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Sep 17 20:44:03 BST 2018


On Mon 2018-09-17 10:14:31 +0200, Jonas Meurer wrote:
> yesterday, Thunderbird 1:60.0-2~deb9u1 got uploaded to Stretch (via
> security). This thunderbird version breaks enigmail (<< 2:2~), which
> leads to uninstallable/unusable Enigmail in Debian Stretch.
>
> May I suggest to backport Enigmail 2.0 to Debian Stretch as well?

Thanks for this report, Jonas!  it's definitely correct.

It's important to fix, but the dependency on more recent versions of
GnuPG will be needed as well.  There are several problems that i'm
trying to work through for enigmail in the limited time that i've got
for this.

Some background:

 * enigmail imported a copy of OpenPGP.js wholesale in version 2.0.x

 * unfortunately, the version they imported isn't the actual preferred
   form of modification -- it's an assembled/"compiled" form of the
   project, using node.

 * I asked enigmail upstream whether he had ever built OpenPGP.js from
   source, and he had not -- he simply copied their distributed bundle.

 * the DFSG-free way to get that into debian is to get OpenPGP.js into
   debian -- see https://bugs.debian.org/787774 for that ITP.

 * i tried off and on for weeks to figure out how to make that happen
   cleanly, but eventually gave up because of the explosion of node
   packaging that would have been required.  even if i'd been able to
   follow the dependency tree to its ends (which was problematic for
   lots of reasons), i don't think i can responsibly maintain all those
   node packages :(

 * instead, i realized that the OpenPGP.js node package was only needed
   by enigmail for a few things, in particular to avoid needing a newer
   version of GnuPG.

 * there were a few small changes that needed to be made to GnuPG to
   make enigmail pass its test suites properly without OpenPGP.js, so i
   got them made upstream in GnuPG.

 * then i stripped OpenPGP.js from enigmail, and bumped enigmail's
   dependency on GnuPG.

 * new versions of thunderbird apparently change the behavior of some of
   the enigmail tests -- see #907984 and #906885

 * i subsequently discovered that the enigmail test suite was inadequate
   for the Autocrypt Setup Message -- i'm currently working on fixing
   that. (this is #908510)

If i can get that fixed, then i can look into porting the improvements
to GnuPG needed by enigmail's test suite into the stable version of
GnuPG.  Sadly, i'm pretty behind on this, but i would welcome help.

        --dkg