Re: [Tails-dev] PGP MIME is insecure (for me)

Delete this message

Reply to this message
Author: emmapeel
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] PGP MIME is insecure (for me)
Adam Burns:
> Hi intrigi, sajolida, and others,
>
>
> Quick tests under version *3.11.1* (in Fedora 21) show the problem to go
> away (yay!) when deselecting Preferences->Writing->Automatically save
> messge to Draft->Even if message is to be encrypted". This should be
> templatable.
>
> Don't know the policy on application version bumping in Tails, but it
> appears that the easiest way forward may be to upgrade Claws to >3.10?
>
>>> It's also my belief that a solution be documented as soon as possible to
>>> publicize to existing users on existing versions the risk and how to mitigate
>>> it.
>>
>> Fully agreed. I believe BitingBird has added notes to this effect on
>> an existing ticket, but I don't remember which one. BitingBird, will
>> you take it from now on, and perhaps introduce Adam to our processes
>> and tools to work on documentation?
>
> I assume BitingBird has been busy, but if there are pointers to this,
> would appreciate them to help out in more depth.
>

I opened a ticket a while ago for backporting Claws Mail 3.11.1 because
of the gnutls feature, here it is:

https://labs.riseup.net/code/issues/8305

Then the tickets about Alan found leaks can be found from

https://labs.riseup.net/code/issues/8999

(there are several subtasks)


3.11.1 seems to be a nice release with already two reasons for
backporting to Wheezy, in case anybody is interested...


cheers