Re: encrypted popcon submissions

To: Peter Palfrader <weasel@debian.org>
Cc: debian-devel@lists.debian.org, popcon-developers@lists.alioth.debian.org, DSA <debian-admin@lists.debian.org>
Subject: Re: encrypted popcon submissions
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Fri, 10 May 2013 22:36:25 +0100
Message-id: <[🔎] 20877.26713.358696.748087@chiark.greenend.org.uk>
In-reply-to: <[🔎] 20130510204425.GG22859@anguilla.noreply.org>
References: <[🔎] 20130510200206.GB31106@yellowpig> <[🔎] 20130510204425.GG22859@anguilla.noreply.org>

Peter Palfrader writes ("Re: encrypted popcon submissions"):
> Do you think the benefits outweight the drawback that the admin no
> longer can be certain we don't send anything we shouldn't?

This is a very good point but it can be easily dealt with: the
encrypted message should have two recipients, one of which is a key
whose private half is known to the administrator.  By default it would
be a key created for the popcon installation the first time it would
be used.

Then a suspicious administrator can use their private key to decrypt
the messages to see what's in them, and a well-organised administrator
can drop their public key into the popcon config so they can do it
with their own email client.

Ian.

Reply to:

References:
- encrypted popcon submissions
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
- Re: encrypted popcon submissions
  - From: Peter Palfrader <weasel@debian.org>

Prev by Date: Bug#707740: general: fails with video Hi10p
Next by Date: Re: 2013 sometimes still feels like 2003 or 1993 (Re: NEW processing during freezes
Previous by thread: Re: encrypted popcon submissions
Next by thread: Re: encrypted popcon submissions
Index(es):
- Date
- Thread