Hi, pulling gnupg or enigmail from backports would only solve the problem for new installations, but doesn't help users who have both thunderbird and enigmail installed, only have stretch and stretch-security in the sources.list (what I'd expect to be the majority) and are now trying to run "apt upgrade":
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
icedove lightning thunderbird
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
So this is blocking security upgrades.
Simon
signature.asc
Description: OpenPGP digital signature
