Update RNP to a snapshot from october 2020
Categories
(MailNews Core :: Security: OpenPGP, enhancement)
Tracking
(thunderbird_esr78+ fixed, thunderbird83 affected)
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(3 files)
47 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-esr78+
|
Details | Review |
47 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-esr78+
|
Details | Review |
47 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-esr78+
|
Details | Review |
Nickolay, stable Thunderbird currently uses an RNP snapshot from 2020-09-13, see bug 1664885.
It seems useful to pick a newer RNP snapshot to get the recent bugfixes.
Do you consider any of the recent changes to RNP as risky?
Do you think we should pick up RNP's most recent primary development snapshot for the stable Thunderbird branch?
Comment 1•3 years ago
|
||
Kai,
Everything which settles onto the master now is considered to be 'safer to use then before', as we try as much as possible to not change the previous behavior and do not change the FFI API at all, except some rare or security-related cases.
Since September we changed internally the way of keys import to allow importing keys one-by-one, but that was tested well and must not have any troubles. Also we changed default encrypting subkey selection (use the latest valid one), but as I understand you pick it manually from the code.
So it should be safe to use the latest commit.
Right after goals for v 0.14 are finished, I think it would be better to switch to the release-based way.
Assignee | ||
Comment 2•3 years ago
|
||
Assignee | ||
Comment 3•3 years ago
|
||
Thanks Nickolay. I've been running a snapshot from 2020-10-30 for a few days already, and haven't noticed any new issues.
Comment 4•3 years ago
|
||
Comment 5•3 years ago
|
||
Depends on D96563
Pushed by thunderbird@calypsoblue.org:
https://hg.mozilla.org/comm-central/rev/f8df8132c53b
Remove RNP's CMakeSettings.json via update_rnp.sh. r=kaie
https://hg.mozilla.org/comm-central/rev/0f38d3b698bb
RNP 2020-10-30. r=rjl
https://hg.mozilla.org/comm-central/rev/f9cf8c5973a6
Update openpgp.configure for RNP October 2020 update. r=kaie
Updated•3 years ago
|
Updated•3 years ago
|
Assignee | ||
Comment 7•3 years ago
|
||
This should go to esr78, but I'm unsure if we should include in 78.5, might need more c-c and 84beta baking to be safe.
Thoughts?
Comment 8•3 years ago
|
||
Probably a goo idea to let it bake on beta until 78.6.
Assignee | ||
Comment 9•3 years ago
|
||
Comment on attachment 9186887 [details]
Bug 1675516 - RNP 2020-10-30. r=rjl
Not a regression. Should use updated RNP snapshot with security fixes.
I think the baking period was sufficient, haven't heard of new problems.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Updated•3 years ago
|
Comment 10•3 years ago
|
||
Comment on attachment 9186907 [details]
Bug 1675516 - Update openpgp.configure for RNP October 2020 update. r=kaie
[Triage Comment]
Approved for esr78
Comment 11•3 years ago
|
||
Comment on attachment 9186887 [details]
Bug 1675516 - RNP 2020-10-30. r=rjl
[Triage Comment]
Approved for esr78
Comment 12•3 years ago
|
||
Comment on attachment 9186906 [details]
Bug 1675516 - Remove RNP's CMakeSettings.json via update_rnp.sh. r=kaie
[Triage Comment]
Approved for esr78
Assignee | ||
Comment 13•3 years ago
|
||
Description
•