Comment 2SBZ Re: 1.7.2 unusable

Story

Popular PGP Email add-on Enigmail addresses security gaps

Preview

1.7.2 unusable (Score: 2, Informative)

by seriously@pipedot.org on 2014-09-12 08:46 (#2SAA)

I've been using enigmail for years but the recent update to 1.7.2 made it unusable.

Besides being suddenly very slow, it is now saving *all* drafts as encrypted even the one sent to people not using PGP. I don't know what's going on, but the end result seems to be that if the mail I'm writing has embedded images (*not* distant online images, just inline in the flow of the text), as soon as it is auto-saved in the draft folder (after 2-3 minutes), the inline images become "broken" (white square with dead link symbol).

The solution I've seen so far ? don't use html in emails, just plain text. But that doesn't fit very well in my workflow of sending inline graphs with comments around.

I downgraded to 1.7 since I'm don't feel impacted by the bugs (I never used the encryption, only the signing) and it's working fine. I'll try to fill a bug whenever I've time.

Sorry for the Friday morning's rant ... seriously :-)

Re: 1.7.2 unusable (Score: 2, Informative)

by seriously@pipedot.org on 2014-09-12 14:57 (#2SB4)

Besides being suddenly very slow, it is now saving *all* drafts as encrypted
okay, in all honesty, it's highly likely that the slowness is because it is saving all the drafts and that the mail I was working on had several embedded figures making it quite heavy in size.

Still, this shouldn't happen. I disabled all the checkbox and I'm not even using IMAP, so not a chance that the draft could leak to a distant server.

Re: 1.7.2 unusable (Score: 0)

by Anonymous Coward on 2014-09-12 18:08 (#2SBJ)

Honestly, from the linked article it sounds as if their entire development and, more importantly, testing model is a complete mess. I wouldn't feel comfortable trusting anything this application does.

First TrueCrypt and now this. Why are the important open source crypto teams so squirrelly?

Re: 1.7.2 unusable (Score: 1, Funny)

by Anonymous Coward on 2014-09-12 20:39 (#2SBZ)

you forgot OpenSSL of heartbleed fame ;-)

Moderation

Time Reason Points Voter
2014-09-13 02:08 Funny +1 bryan@pipedot.org

Junk Status

Marked as [Not Junk] by bryan@pipedot.org on 2015-01-03 01:04