[arch-devops] security at archlinux.org address

Florian Pritz bluewind at xinu.at
Mon Feb 11 21:48:36 UTC 2019


On Mon, Feb 11, 2019 at 09:35:36PM +0100, Jelle van der Waa <jelle at vdwaa.nl> wrote:
> For security at archlinux.org the Security Team wants to set up a way for
> reporters to securely mail encrypted issues to our email address. To
> limit the bus factor we want to send those emails to multiple receivers
> and then handle and/or forward the information appropriately. Schleuder
> provides a solution to this issue by decrypting the sent email and
> re-encrypting it to the Arch Security team members.

Any reason why we don't just follow "The Apache Way"[1] (my term) and
list a few of the "core" security people on our website with gpg keys?
Then the user has to fetch like 2-4 keys, but I think that's much, much
easier and more robust than what is proposed here. This does not require
any new keys/servers/software.

To make it easier to use, we could put up a file that contains all the
relevant keys so that users can import them into GPG in one step. Then
we just put up a link that sends to the 2-4 recipients and we are done.
With a schleuder based solution, they'd also have to import the
schleuder key and then they'd probably click on the email link on some
page. I'd say, essentially, both solutions are equal in terms of
usability.

Doing it "The Apache Way", we also obviously gain full end2end
encryption between the reporter and the security team. It is also much
clearer for the user who will be able to read their mail, which I
believe is quite important when you deal with security issues. Also
keeping the recipient list small is good because it limits potentially
unwanted exposure.

So far I only see benefits with "The Apache Way", where I see a lot of
downside with schleuder (difficult setup, additional software, likely
rarely used thus might break without us knowing, no actual advantage in
terms of usability/security). Am I missing something?

[1] https://www.apache.org/security/

Florian
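
The single key file and the mail to several recipients described in this message, worked through with GnuPG as an added example that is not part of the original post. The two addresses and the throwaway keys are constructed, and `--trust-model always` is used only because the demo keys are unverified; a real reporter would check fingerprints instead.

```shell
#!/bin/sh
# Constructed demo: throwaway keys and addresses, none of these are real Arch keys.
set -eu

MEMBERS="alice@security.example bob@security.example"   # hypothetical recipients

demo_multi_recipient() {
    work=$(mktemp -d)
    : > "$work/team-keys.asc"

    # Each member generates a key in their own keyring; only the public
    # half is appended to the shared file that would go on the website.
    for m in $MEMBERS; do
        mkdir -m 700 "$work/$m"
        gpg --homedir "$work/$m" --batch --quiet --passphrase '' \
            --quick-generate-key "$m" default default never 2>/dev/null
        gpg --homedir "$work/$m" --armor --export "$m" >> "$work/team-keys.asc"
    done

    # Reporter: one import for all keys, then one message to every member.
    mkdir -m 700 "$work/reporter"
    gpg --homedir "$work/reporter" --batch --quiet \
        --import "$work/team-keys.asc" 2>/dev/null
    printf 'constructed vulnerability report\n' > "$work/report.txt"
    recipients=""
    for m in $MEMBERS; do recipients="$recipients --recipient $m"; done
    # $recipients is intentionally unquoted so it splits into separate options.
    gpg --homedir "$work/reporter" --batch --quiet --trust-model always \
        --armor $recipients --output "$work/report.asc" \
        --encrypt "$work/report.txt" 2>/dev/null

    # Each member decrypts independently, holding only their own private key.
    ok=0
    for m in $MEMBERS; do
        out=$(gpg --homedir "$work/$m" --batch --quiet \
              --decrypt "$work/report.asc" 2>/dev/null) || out=""
        [ "$out" = "constructed vulnerability report" ] && ok=$((ok + 1))
        GNUPGHOME="$work/$m" gpgconf --kill gpg-agent
    done
    rm -rf "$work"
    echo "$ok"   # number of members who could read the report
}
```

Calling `demo_multi_recipient` prints how many of the listed members could decrypt the one ciphertext; no intermediate server or shared list key is involved.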