[Pkg-mozext-maintainers] Bug#869774: thunderbird 52 needs enigmail 1.9.8 or later [was: Re: Bug#869774: Corrections - propably wrong cause]

Moritz Muehlenhoff jmm at inutil.org
Thu Jul 27 14:21:21 UTC 2017

On Thu, Jul 27, 2017 at 09:59:46AM -0400, Daniel Kahn Gillmor wrote:
> Control: affects 869774 + thunderbird
> Control: retitle 869774 thunderbird 52 needs enigmail or later
> Control: forwarded 869774 https://sourceforge.net/p/enigmail/bugs/687/
> Hi there--
> On Thu 2017-07-27 12:42:26 +0300, Adrian Bunk wrote:
> > After a short look at [1] there seem to be problems with Thunderbird 52 
> > left in the enigmail 1.9.7 in Debian 9, that are either fixed in 
> > in Debian unstable or might even require further upstream fixes.
> >
> > Is your problem fixed when you install the 2: package from unstable?
> I can confirm that enigmail 2: (from debian testing) installs
> successfully on jessie and that it appears to fix the underlying
> problem.
> I can also confirm that upstream doesn't expect enigmail 1.8.x to work
> with thunderbird 52.
> I'm looking into creating a patch for enigmail on jessie, and
> will also look into such an update for stretch.

We can provide a fixed via jessie-security/stretch-security,
but the current approach of providing Firefox/Thunderbird extensions in a
stable release is madness and really needs to stop for buster. Neither
the Firefox, Thunderbird maintainers or the security team can look after
all these extensions.

> I think this could have been avoided if the newer version of thunderbird
> had been marked as "Breaks: enigmail < 1.9.8" or something similar,
> though it's not clear how the t-bird maintainers are supposed to know
> that sort of information about every possible extension.  Perhaps
> enigmail needs to be special cased since it seems to have more of a
> history of this kind of problem?

Every maintainer of a Firefox/Thunderbird extension needs to test older
releases against the latest ESR once that reaches unstable. There's
an overlap of several months during which we provide the old ESR in
stable while the new ESR is available, this could've all been caught
before release time.


More information about the Pkg-mozext-maintainers mailing list