thanks for this thinking and testing and analysis, anarcat!

On Tue 2018-10-30 11:46:35 -0400, Antoine Beaupré wrote:
> The result will be that users will run an outdated version (if they
> don't notice the package's removed or the announcement)

the version of enigmail in debian jessie i believe simply will not run
with the updated thunderbird. i haven't tested it.

> or will run an up to date but possibly insecure version (if they
> install the Addons version from Mozilla which downloads an arbitrary
> binary from the network, see #891882).

downloads *and runs* an arbitrary binary from the network :(

I'm sorry i don't have more cycles to spend on supporting jessie myself,
but if there are things we should be doing in debian stable and/or
unstable that would make the work on jessie easier, please let me know.

all the best,

--dkg