[arch-devops] forum migration

Carlos Mogas da Silva r3pek at r3pek.org
Mon Feb 11 21:53:39 UTC 2019

Hi list!

On 11/02/2019 20:35, Jelle van der Waa wrote:
> For security at archlinux.org the Security Team wants to setup a way for
> reporters to securely mail encrypted issues to our email address.
Not actually questioning the motives but, is there really a *need* for this?
From now on, I'll assume "yes" here.

> * Cheapest Hetzner server 34 euro / month and 40 euro setup fees.
> * Hetzner auction server ~ 25 / month and no setup fees.
> * Different dedicated server hoster which allows custom usb devices.I would go with an auction server. They're reliable and cheap (had 2
personally already).

> * Nitrokey is out of our control, but we trust Hetzner already (ie. they
>   could easily hook up a malicious USB/BMC device already and gain root
>   privileges).
We can't be *that* paranoid  (we actually can, but given the circumstances, I really don't see the need to)

> * Server dies, the Nitrokey has to be moved to the new server.
That's a bummer. Let's not forget downtime to this. How long does it take to Hetzner to move the key? *Who* is allowed to request it?

> Questions:
> * Do we backup the key? Let someone have a separate nitrokey?
I would vote for "yes" here. Let someone have a backup key that can be used it case the production one get's

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-devops/attachments/20190211/b7bfafab/attachment.sig>

More information about the arch-devops mailing list