Hi Am 14.09.20 um 20:53 schrieb Martin Wilck:
On Mon, 2020-09-14 at 10:30 +0200, Wolfgang Rosenauer wrote:
You can find the upstream FAQ here and if you are using Thunderbird with enigmal today you really should read it carefully: https://support.mozilla.org/en-US/kb/openpgp-thunderbird-howto-and-faq ...
These two answers prove to me that this feature isn't production-ready. Protecting one of the most important items for personal privacy (the GPG secret key) with just the thunderbird master password sounds like a joke. In general, not relying on gpg strikes me as a bad idea, as that's what allows sharing the same set of keys between different applications. And being unable to share or even synchronize keys with the de-facto-standard PGP encryption software seems - dumb, sorry.
It's not your fault. But perhaps let it sit in the mozilla repo for some more time.
Anyway, thanks for the warning, Martin
You have a strong argument. I am also not happy with the decision not to support any key signatures (Web of Trust). It will break my company setup with an "in-house" CA. It was hard enough to convince the Windows users to start encrypting and signing their mails. The update will create new challenges for their workflow. :( But all of this is beyond the scope of the Factory or mozilla devel repo. Let upstream know about your feelings. The best we can hope for is that they will adjust their approach while this is still fresh. We don't need another bug open for 21 years [1]! Ben [1] https://bugzilla.mozilla.org/show_bug.cgi?id=22687 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org