By Justus | April 22, 2022
We are pleased to announce a new release of the Octopus, an alternative OpenPGP backend for Thunderbird. This release notably fixes a bug that could lead to a loss of secret key material. It also includes fixes that make the Octopus compatible with Thunderbird 91.8.0.
The Octopus is an alternative OpenPGP backend for Thunderbird. By default, Thunderbird uses rnp. The Octopus is a drop-in replacement for rnp. It implements the same interface, but includes a number of enhancements.
The bug
Previously, when merging in OpenPGP certificates, the Octopus would unconditionally prefer key material from the newly merged certificate. If the current copy of the certificate contains secret key material, merging in a copy of the same certificate without secret key material would result in loss of the secret key material.
All users of the Octopus are advised to update as soon as possible. Furthermore, it is good practice to keep a backup of secret key material, and this is a good time to check if that backup actually works.
Financial Support
Since the start of the project four and a half years ago, the p≡p foundation financially supports the six people who work on Sequoia. In 2021, the NLnet foundation awarded us six grants as part of the NGI Assure program.
We are actively looking for additional financial support to diversify our funding.
You don’t need to directly use Sequoia to be positively impacted by it. We’re focused on creating tools for activists, lawyers, and journalists who can’t rely on centralized authentication solutions. So, consider donating. Of course, if your company is using Sequoia, consider sponsoring a developer (or two). Note: if you want to use Sequoia under a license other than the LGPLv2+, please contact the foundation.