Closed Bug 1675516 Opened 11 months ago Closed 11 months ago

Update RNP to a snapshot from october 2020

Categories

(MailNews Core :: Security: OpenPGP, enhancement)

enhancement

Tracking

(thunderbird_esr78+ fixed, thunderbird83 affected)

RESOLVED FIXED
84 Branch
Tracking Status
thunderbird_esr78 + fixed
thunderbird83 --- affected

People

(Reporter: KaiE, Assigned: KaiE)

References

Details

Attachments

(3 files)

Nickolay, stable Thunderbird currently uses an RNP snapshot from 2020-09-13, see bug 1664885.

It seems useful to pick a newer RNP snapshot to get the recent bugfixes.

Do you consider any of the recent changes to RNP as risky?
Do you think we should pick up RNP's most recent primary development snapshot for the stable Thunderbird branch?

Kai,
Everything which settles onto the master now is considered to be 'safer to use then before', as we try as much as possible to not change the previous behavior and do not change the FFI API at all, except some rare or security-related cases.
Since September we changed internally the way of keys import to allow importing keys one-by-one, but that was tested well and must not have any troubles. Also we changed default encrypting subkey selection (use the latest valid one), but as I understand you pick it manually from the code.
So it should be safe to use the latest commit.

Right after goals for v 0.14 are finished, I think it would be better to switch to the release-based way.

Thanks Nickolay. I've been running a snapshot from 2020-10-30 for a few days already, and haven't noticed any new issues.

Pushed by thunderbird@calypsoblue.org:
https://hg.mozilla.org/comm-central/rev/f8df8132c53b
Remove RNP's CMakeSettings.json via update_rnp.sh. r=kaie
https://hg.mozilla.org/comm-central/rev/0f38d3b698bb
RNP 2020-10-30. r=rjl
https://hg.mozilla.org/comm-central/rev/f9cf8c5973a6
Update openpgp.configure for RNP October 2020 update. r=kaie

Status: NEW → RESOLVED
Closed: 11 months ago
Resolution: --- → FIXED
Target Milestone: --- → 84 Branch
Depends on: 1673902

This should go to esr78, but I'm unsure if we should include in 78.5, might need more c-c and 84beta baking to be safe.
Thoughts?

Probably a goo idea to let it bake on beta until 78.6.

Comment on attachment 9186887 [details]
Bug 1675516 - RNP 2020-10-30. r=rjl

Not a regression. Should use updated RNP snapshot with security fixes.

I think the baking period was sufficient, haven't heard of new problems.

Attachment #9186887 - Flags: approval-comm-esr78?
Attachment #9186906 - Flags: approval-comm-esr78?
Attachment #9186907 - Flags: approval-comm-esr78?

Comment on attachment 9186907 [details]
Bug 1675516 - Update openpgp.configure for RNP October 2020 update. r=kaie

[Triage Comment]
Approved for esr78

Attachment #9186907 - Flags: approval-comm-esr78? → approval-comm-esr78+

Comment on attachment 9186887 [details]
Bug 1675516 - RNP 2020-10-30. r=rjl

[Triage Comment]
Approved for esr78

Attachment #9186887 - Flags: approval-comm-esr78? → approval-comm-esr78+

Comment on attachment 9186906 [details]
Bug 1675516 - Remove RNP's CMakeSettings.json via update_rnp.sh. r=kaie

[Triage Comment]
Approved for esr78

Attachment #9186906 - Flags: approval-comm-esr78? → approval-comm-esr78+
Blocks: 1671738
Blocks: 1673242
You need to log in before you can comment on or make changes to this bug.