Qubes OS has a feature called Split GPG where you can keep your email client in one VM and your gpg keyring in another VM (without network access, for example). If you're using it with Thunderbird and Enigmail, you basically just have to configure Enigmail to make calls to /usr/bin/qubes-gpg-client-wrapper instead of /usr/bin/gpg2. It then basically proxies your command from your email VM to your GPG VM, then proxies the output back.
Unfortunately Enigmail 2.0.7 caused it to break: https://github.com/QubesOS/qubes-issues/issues/3989 It breaks because now Enigmail calls out to gpg with arguments like: --log-file /tmp/gpgOutput.ln9Jcr I know that 2.0.7 fixed a security bug, and presumably this was added for a reason. So my question is, is it safe for split GPG to simply ignore the --log-file argument altogether? Or does Enigmail try to do something with that log file later on, and things will break if it's not there?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
