From b1b08eeaff1bb794b0deeea54c6749b1e15ca910 Mon Sep 17 00:00:00 2001
From: Austin Horstman <khaneliman12@gmail.com>
Date: Tue, 28 Apr 2026 09:55:18 -0500
Subject: [PATCH] thunderbird: clarify external gnupg

Clarify that this option only enables Thunderbird external GnuPG
integration and does not import or accept public keys in the Thunderbird
OpenPGP key manager.
---
 modules/programs/thunderbird.nix | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/modules/programs/thunderbird.nix b/modules/programs/thunderbird.nix
index b24c7ca36..433994aba 100644
--- a/modules/programs/thunderbird.nix
+++ b/modules/programs/thunderbird.nix
@@ -540,7 +540,16 @@ in
                   type = types.bool;
                   default = false;
                   example = true;
-                  description = "Allow using external GPG keys with GPGME.";
+                  description = ''
+                    Allow Thunderbird to use external GnuPG secret keys through
+                    GPGME, as used by its documented smartcard and external-key
+                    workflow.
+
+                    This installs `gpgme` and sets
+                    `mail.openpgp.allow_external_gnupg`. Public keys and key
+                    acceptance settings still live in Thunderbird's internal
+                    OpenPGP key manager.
+                  '';
                 };
 
                 userChrome = mkOption {