migrated from:
https://github.com/Whonix/Whonix/issues/17
install:
update documentation for next Whonix version:
https://www.whonix.org/wiki/E-Mail#Mozilla_Thunderbird_with_TorBirdy
sudo apt-get install icedove xul-ext-torbirdy enigmail requires 92.4 MB of additional disk space. Still worth it?
Email is a basic activity that we should provide a secure answer for. However I can see how a growing image size isn't good for Whonix infrastructure.
How about introducing install scripts that fetch packages optionally and configure them as needed? Its like tbb-launcher except the distribution and verification is all handled by apt. Icedove doesn't need configuration of safe defaults but electrum would. Uninstalling would be manual and not covered by scripts .
That way we can give people secure defaults while not bloating up the image to cover every use case under the sun.
How we present these scripts is another thing:
Will they be icons that run the script like tbb? Not a solution because desktop clutter.
How about a folder on the desktop with the install scripts inside and a way to run them be double clicking - no terminal needed? The script names would be straightforward for example this one is called "Email" and so on.
For example let's say electrum creates a folder under the user's home directory for its settings (like xchat). Can whonix ship with an artificially created folder containing the wrapper script or will it be overwritten when the user installs the program?
If its the latter, the install script will need to move the wrapper script into the program's directory from another location, after the install is done.
install scripts:
Probably not. apt-get automation is very difficult due to issues introduced at a higher levels. More info:
https://www.whonix.org/wiki/Dev/Automatic_Updates
electrum:
https://phabricator.whonix.org/T215#3208
FAI is a flexible framework for unattended Debian installs but can be used for much more including automatic package installs. Its a decade old and robust, used for massive Debian deployments. Each feature can be used alone.
The idea here is to tell FAI the packages we want and it handles apt completely. Seems to get around the problems of talking to apt directly. What do you think?
It's a different category of tool. More like in the category as grml-debootstrap. A handy tool for sysadmins. Not so much for distributions. Not for install scripts after the system has already been installed.
I am not happy with documentation yet.
If you read the help for Convenient Encryption (help button next to this button), it sounds pretty insecure. I am not opposed to anyone using gpg like this in a causal not so caring way, but it's not something to encourage in a security guide. Also 'confirm before sending', 'Always' should stay recommended for serious usage.
Also, we're not jessie based yet (therefore install from Debian repository unfortunately not yet possible), Whonix 11 stable not out yet.
Also 'confirm before sending', 'Always' should stay recommended for serious usage.
I don't see this option in Enigmail the menus have changed since the instructions were made and so I thought this obsolete option became Convenient Encryption.
Also, we're not jessie based yet (therefore install from Debian repository unfortunately not yet possible), Whonix 11 stable not out yet.
Please change them to Jessie instructions whenever you release stable.
If you decided to integrate Icedove in Whonix can you please set it to open links in messages from Tor Browser?
You mean
?
We're already doing this.
Implemented by:
https://github.com/Whonix/tb-default-browser
There is just a related apparmor question:
https://www.whonix.org/forum/index.php/topic,97.msg8765.html#msg8765
You mean
open icedove see some link click the link opens the link in Tor Browser
Yeah.
Good stuff, thanks
Install Icedove (Thunderbird) + TorBirdy + Enigmail, added icedove, enigmail and xul-ext-torbirdy to anon-workstation-packages-recommended - https://phabricator.whonix.org/T113:
https://github.com/Whonix/anon-meta-packages/commit/33c41008270345b8f780e0a4afaf35afde8ec56d