Package: thunderbird
Severity: wishlist
There is a new OpenPGP backend for thunderbird.
https://lib.rs/crates/sequoia-octopus-librnp
and fedora is already offering packages to test it,
https://discussion.fedoraproject.org/t/sequoia-pgp-packages-and-alternative-thunderbird-openpgp-backend-ready-for-testing/28787
they list some of the advantages in the linked article,
The “Octopus” backend for Thunderbird has several advantages
compared to the bundled RNP backend:
integration with the GnuPG keyring
integration with running gpg agents
no support for weak cryptographic standards
in-memory-encryption of GPG keys
restrictions for SHA-1 use and mitigations for SHA-1 collision attacks
better conformance and compatibility with OpenPGP than librnp
better performance (parallelized parsing, background tasks as threads)
memory- and thread-safe implementation in Rust
uses system nettle as cryptography library instead of botan (which is
not available in RHEL)
Since it is not yet ready for production use, we could offer it as an
option in experimental.