[Tails-dev] #8999: Claws Mail leaks cleartext of encrypted e…

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Old-Topics: Re: [Tails-dev] PGP MIME is insecure (for me)
Subject: [Tails-dev] #8999: Claws Mail leaks cleartext of encrypted email to the IMAP server [was: Re: PGP MIME is insecure (for me)]
During the last monthly meeting I volunteered to issue a security
advisory about the fact that Claws saved unencrypted emails to Drafts
and Queue folders on the IMAP server.

I've been gathering info and doing shitloads of testing, and I think we
have (almost) all the information to explain this properly and fix what
can be fixed in Tails.

So please review and comment on the synopsis from #9161.

If you agree with my analysis, the questions that we (as a project) need
to answer now are:

- Do we want to propose POP by default? (#9303)
- Do we want to ship Claws backports 3.10.1-2~bpo70+1? (#9302)

I'll raise those issues during the meeting tonight.

--
sajolida