From 03993708d4d1fb327f102f45d7aa4e9c4fa8237b Mon Sep 17 00:00:00 2001 From: Eli Schwartz <eschwartz@archlinux.org> Date: Thu, 10 Jan 2019 11:38:38 -0500 Subject: [PATCH] preferences: disable pEpAutoDownload by default and avoid p=p Distributions should not automatically download this untrusted code; should be opt-in by users or be packaged separately. Additionally, we are an advanced distro and should generally avoid p=p in favor of the user's PGP keys. Moreover, p=p is undocumented and seems to lead to unintuitive use of the wrong PGP keys in new installations. --- package/prefs/defaultPrefs.js | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/prefs/defaultPrefs.js b/package/prefs/defaultPrefs.js index d5ca1249..f7ddc864 100755 --- a/package/prefs/defaultPrefs.js +++ b/package/prefs/defaultPrefs.js @@ -14,7 +14,7 @@ // 0: force using Enigmail // 1: automatic mode (use pEp if Enigmail and S/MIME are not configured for any identity) // 2: force using pEp -pref("extensions.enigmail.juniorMode", 1); +pref("extensions.enigmail.juniorMode", 0); // the last configured Enigmail version pref("extensions.enigmail.configuredVersion", ""); @@ -204,7 +204,7 @@ pref("extensions.enigmail.warnDownloadContactKeys", true); pref("extensions.enigmail.wrapHtmlBeforeSend", true); // automatically download pepmda if it is available (without askin user) -pref("extensions.enigmail.pEpAutoDownload", true); +pref("extensions.enigmail.pEpAutoDownload", false); // holds the last result of the last check for pEp updates pref("extensions.enigmail.pEpLastUpdate", 0); -- 2.23.0