Package: enigmail
Version: 2:0.95.0+1-4

Try the following:

 * launch an icedove process and start composing a new e-mail from an
identity configured to automatically sign messages.

 * write the first half of a message, and then wait for the automatic
"save to draft" timeout to trigger.

Icedove/enigmail tries to sign the draft before storing it.  This is
incorrect, because a draft is not the completed message.  Should the
draft folder be shared, compromised, or otherwise publicly visible,
the half-written message will be visibly and non-repudiably signed,
which is probably not the intent of the author.  Depending on the
message (and the frequency of the "save to draft" automatic operation),
this could have bad consequences.

Interestingly, unless the autosave triggers first, explicitly choosing
"save draft" from the toolbar, menu, or keyboard shortcuts does *not*
have the same behavior for me.  But please test for independent
verification of this slight mitigation.

I tested this with icedove 2.0.0.17-1 on an i386 platform with linux
kernel 2.6.26.

Thanks for maintaining enigmail in debian!

  --dkg
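An added example, not part of the bug report above: a small Python audit script that scans a Thunderbird/Icedove-style Drafts mbox and lists the drafts that already carry an OpenPGP signature (PGP/MIME per RFC 3156, or an inline clearsigned body), i.e. the condition this report describes. The sample mbox, its subjects and the function names are constructed for illustration.

```python
import re
import email
from email import policy

# Inline (non-MIME) signatures begin with this armor header line.
PGP_INLINE = re.compile(r"^-----BEGIN PGP SIGNED MESSAGE-----", re.M)

def is_pgp_signed(msg) -> bool:
    """True if msg is PGP/MIME signed (RFC 3156) or carries an inline signature."""
    if msg.get_content_type() == "multipart/signed":
        return str(msg.get_param("protocol", "")).lower() == "application/pgp-signature"
    for part in msg.walk():
        if part.get_content_maintype() == "text" and PGP_INLINE.search(part.get_content()):
            return True
    return False

def find_signed_drafts(mbox_text: str) -> list:
    """Return the Subject of every signed message in an mbox ("From " delimited)."""
    hits = []
    for raw in re.split(r"(?:^|\n)From [^\n]*\n", mbox_text):
        if raw.strip():
            msg = email.message_from_string(raw, policy=policy.default)
            if is_pgp_signed(msg):
                hits.append(str(msg["Subject"]))
    return hits

# Constructed sample Drafts mbox (not a real mailbox): two signed drafts, one not.
SAMPLE_MBOX = """From - Mon Oct  6 10:00:00 2008
Subject: half-written note
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain

Dear all, I am writing to
--b1
Content-Type: application/pgp-signature

(constructed placeholder, not a real signature)
--b1--

From - Mon Oct  6 10:05:00 2008
Subject: inline signed draft

-----BEGIN PGP SIGNED MESSAGE-----
more unfinished text (signature block omitted in this constructed sample)

From - Mon Oct  6 10:10:00 2008
Subject: plain draft

nothing signed here
"""
```

Run `find_signed_drafts` over a copy of the real Drafts mbox to see whether autosave has left signed, half-written messages behind; any hit is a candidate for deletion before the folder is shared or backed up.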
