Package: thunderbird
Severity: wishlist

There is a new OpenPGP backend for thunderbird.
https://lib.rs/crates/sequoia-octopus-librnp

and fedora is already offering packages to test it,

https://discussion.fedoraproject.org/t/sequoia-pgp-packages-and-alternative-thunderbird-openpgp-backend-ready-for-testing/28787

they list some of the advantages in the linked article,

The “Octopus” backend for Thunderbird has several advantages compared to the bundled RNP backend:

integration with the GnuPG keyring
integration with running gpg agents
no support for weak cryptographic standards
in-memory-encryption of GPG keys
restrictions for SHA-1 use and mitigations for SHA-1 collision attacks
better conformance and compatibility with OpenPGP than librnp
better performance (parallelized parsing, background tasks as threads)
memory- and thread-safe implementation in Rust
uses system nettle as cryptography library instead of botan (which is not available in RHEL)

Since it is not yet ready for production use, we could offer it as an option in experimental.

Reply via email to