On Mon, Feb 11, 2019 at 09:35:36PM +0100, Jelle van der Waa <jelle@vdwaa.nl> wrote:
> For security@archlinux.org the Security Team wants to set up a way for reporters to securely mail encrypted issues to our email address. To limit the bus factor we want to send those emails to multiple receivers and then handle and/or forward the information appropriately. Schleuder provides a solution to this issue by decrypting the sent email and re-encrypting it to the Arch Security team members.

Any reason why we don't just follow "The Apache Way"[1] (my term) and list a few of the "core" security people on our website with gpg keys? Then the user has to fetch like 2-4 keys, but I think that's much, much easier and more robust than what is proposed here. This does not require any new keys/servers/software.

To make it easier to use, we could put up a file that contains all the relevant keys so that users can import them into GPG in one step. Then we just put up a link that sends to the 2-4 recipients and we are done.

With a schleuder based solution, they'd also have to import the schleuder key and then they'd probably click on the email link on some page. I'd say, essentially, both solutions are equal in terms of usability.

Doing it "The Apache Way", we also obviously gain full end2end encryption between the reporter and the security team. It is also much clearer for the user who will be able to read their mail, which I believe is quite important when you deal with security issues. Also keeping the recipient list small is good because it limits potentially unwanted exposure.

So far I only see benefits with "The Apache Way", where I see a lot of downsides with schleuder (difficult setup, additional software, likely rarely used thus might break without us knowing, no actual advantage in terms of usability/security). Am I missing something?

[1] https://www.apache.org/security/

Florian