Rethink our patches with Thunderbird 60
TB 60 comes with improvements related to protocols vs. security.
See screenshots when trying to validate a configuration with a cleartext SMTP server as discovered by the config wizard.
It seems it might be time to re-evaluate the Tails-specific patches.
Related to Tails - Bug #12203: Thunderbird account setup wizard fails with "Programming bug. Assertion failed, see log." when using Manual config (Confirmed, 2017-01-31)
#7 Updated by lamby 2018-09-14 13:50:19
- Assignee changed from lamby to intrigeri
Bug #15790, did we discuss this? I don’t recall doing so, thus just wondering if it’s a mistake to assign it over to me specifically? And, again, if it’s “to be discussed” feel free to assign back - I note the “2019” target.
#9 Updated by anonym 2018-10-22 14:10:39
- Status changed from Confirmed to Resolved
- Assignee deleted (
- Target version changed from 2019 to Tails_3.11
- % Done changed from 0 to 100
- QA Check set to Pass
> It seems it might be time to re-evaluate the Tails-specific patches.
Me and Ulrike already did: given the warning page we removed the “Secure protocols only” checkbox (but preserved it as a hidden pref for Tails and/or Torbirdy, although whether we want to is a pending discussion).
Note that Thunderbird only has solved one half of the protocol security problems: it warns when insecure protocols end up in the final configuration the user picks. But it will still do an insecure HTTP fetch from the mail provider before anything else that could be MitM:ed and present the user an SSL-enabled configuration (so no warning) that points to evil.org instead of what the user wants. Our patches still fix that, and many other things (proxy support for guessing, Tor-friendly (= higher) timeouts, disable OAuth2, …).
Anyway, I think this ticket is resolved. Please reopen if you think I’m mistaken!
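
The gap described in the last comment, as an added example that is not part of the ticket or of the Tails patches: an audit that checks both the transport used to fetch an autoconfig document and the protocols in the resulting configuration. The sample document, the fetch URLs, the function names and the choice to treat `SSL` and `STARTTLS` as secure socket types are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: every server uses TLS, so a check on the final
# configuration alone (the warning page) has nothing to warn about.
SAMPLE_CONFIG = """<clientConfig version="1.1">
  <emailProvider id="example.org">
    <incomingServer type="imap">
      <hostname>imap.evil.org</hostname>
      <port>993</port>
      <socketType>SSL</socketType>
    </incomingServer>
    <outgoingServer type="smtp">
      <hostname>smtp.evil.org</hostname>
      <port>465</port>
      <socketType>SSL</socketType>
    </outgoingServer>
  </emailProvider>
</clientConfig>"""

SECURE_SOCKET_TYPES = {"SSL", "STARTTLS"}  # assumption: both count as secure


def cleartext_servers(config_xml):
    """Hostnames whose socketType is not TLS-protected (first half of the problem)."""
    if "<!DOCTYPE" in config_xml:
        # Untrusted XML: refuse DTDs rather than risk entity expansion.
        raise ValueError("DOCTYPE not allowed in autoconfig document")
    root = ET.fromstring(config_xml)
    hosts = []
    for server in root.iter():
        if server.tag in ("incomingServer", "outgoingServer"):
            socket_type = (server.findtext("socketType") or "").strip()
            if socket_type not in SECURE_SOCKET_TYPES:
                hosts.append(server.findtext("hostname"))
    return hosts


def audit(fetch_url, config_xml):
    """Findings for both halves: how the config was fetched and what it contains."""
    findings = []
    if urlsplit(fetch_url).scheme.lower() != "https":
        # Second half: the document itself could have been replaced in transit,
        # so the hostnames in it cannot be trusted even if they all use TLS.
        findings.append("untrusted-source: " + fetch_url)
    findings += ["cleartext-protocol: " + host for host in cleartext_servers(config_xml)]
    return findings
```

For the sample, `cleartext_servers` reports nothing while `audit` with an `http://` fetch URL still returns an `untrusted-source` finding, which is the case the warning page alone does not cover.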