Mailpile already has a rather thought-through security model. But as with any other piece of software, there is always (some) room for further improvement. This post on a GitHub issue sparked my interest:
I’ve done some work toward using firejail to sandbox calls to external utilities. Events in RL conspired to derail my work on that, and I never got back to it. I’d like to finish that work.
I don’t have a lot of time to devote, so I don’t know that I can pledge to contribute in a sustained/consistent way.
This can be further complemented by sandboxing/jailing/pledging/unveiling the browser - which poses a rather large attack vector. The browser being unable to touch the Mailpile data folder is one extra defense barrier.
Is there any interest in such paranoia setups and tools? Because if so, I (perhaps with the help of others) can write docs and tools to lock Mailpile down even further.