
Re: RFC: advise against using Proton Mail for Debian work?

On 15 November 2023 5:10:50 am IST, Nicholas D Steeves <sten@debian.org> wrote:
>On the surface, this means Proton Mail (free account) is great!  And for
>general use, I feel like we should be supportive of them; however, I'm
>starting to wonder if we need to recommend against the use of Proton
>mail for Debian work for the following two reasons:
>
>1. I've received a report that this provider is not appropriate for DM
>and DD use, because the key pair is stored on their servers.  I.e. the
>applicant doesn't control the means of validating identity and
>authorship.

100% agreed.

I once advocated a DM who uses Protonmail, and a few months later (after they became a DM) I came to know about PM storing keys on the server.
So I quickly checked with the person in question whether they had pushed their keys to PM's servers, and to my utter horror, they had.

I quickly let the keyring maintainers know; their keys were removed immediately, and a new pair of keys was added back a few months later, once enough trust had been established for those.

This is not the only instance in which I faced this. Another individual whom I advocated for becoming a DM also did this, but we found out about it before the process started.

People who are new to the GPG thing end up thinking it's okay to add their keys to PM, which is fine, but this is as good as compromised from the Debian point of view, which I think is correct.

Due to this, I'm always skeptical whenever I receive a PGP signed or encrypted email from protonmail.

>2. The Proton Mail web client automatically encrypts email to anyone who
>it has a key for.  Usually, this would be a great thing, but it means
>that emailing 1234 at bugs.debian.org while CCing
>uploader_since_this_is_an_RC_bug@debian.org will encrypt the email that
>is sent to the BTS...which has the effect of making Debian development
>veiled in plain sight rather than "in the open".

Does it not encrypt email per-sender?

>I see three outcomes:
>
>A) Continue to explain this to new contributors on a one-by-one basis.
>B) Advise against using Proton Mail for Debian work (where?  our wiki?)

It might be good to give a warning about pushing PGP keys to Proton Mail's servers and its implications for Debian work, *and* also inform new contributors on a one-by-one basis, since they may not have seen the wiki.

I also think that providers that do not offer IMAP/POP3 are not very recommendable for Debian work either, as you lose the ability to use a mail client (and sign your mails). I think it'd be good to add a note about that as well. I've seen at least 2 people start with a Tutanota email address and later switch for this reason.

>C) Proton Mail begins to do something differently on their end, such as
>offering some features to Debian contributors that currently require a
>subscription.

This does not look feasible since 'Debian contributors' is a broad term and it'd be impractical to classify people there and give them access.
What could _maybe_ make sense is to have case-by-case endorsements for debian contributors to get such features.

>P.S. Also, at what point should we add them to CC and/or write them an
>open letter?

I think whenever we reach a sensible way forward :)

If they don't already, probably adding a warning regarding PGP keys in their webUI could be good as well.

Best,
Nilesh
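The second concern in the thread (a web client silently encrypting a message that is also addressed to the public bug tracker) is something a contributor can check for on their own outgoing mail before it leaves a local queue. The script below is an added example written for this page, not code from the thread or from Debian; it inspects an RFC 822 message, detects PGP/MIME encryption (RFC 3156: `multipart/encrypted` with `protocol="application/pgp-encrypted"`) as well as inline armoured PGP in a text part, and flags the message as "veiled" if it is encrypted while any To/Cc recipient is at bugs.debian.org. The two sample messages are constructed for the example, and the ciphertext body is a placeholder rather than real PGP output.

```python
"""Flag outgoing mail that is PGP-encrypted yet addressed to the Debian BTS.

Added example (not from the thread). Assumes the standard PGP/MIME layout
from RFC 3156 for the encrypted case and plain "-----BEGIN PGP MESSAGE-----"
armour for the inline case.
"""
from email import message_from_string, policy
from email.utils import getaddresses

# Domain of the public bug tracker; mail to it should stay readable.
BTS_DOMAIN = "bugs.debian.org"
PGP_ARMOUR_HEADER = "-----BEGIN PGP MESSAGE-----"


def is_pgp_encrypted(msg):
    """Return True if the message body is PGP-encrypted (PGP/MIME or inline)."""
    # RFC 3156 PGP/MIME: the top-level container is multipart/encrypted.
    if (msg.get_content_type() == "multipart/encrypted"
            and msg.get_param("protocol") == "application/pgp-encrypted"):
        return True
    # Inline PGP: an armoured message block inside a text/plain part.
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            if PGP_ARMOUR_HEADER in part.get_content():
                return True
    return False


def bts_recipients(msg):
    """Return all To/Cc addresses that belong to the bug tracker domain."""
    raw_headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr for _, addr in getaddresses(raw_headers)
            if addr.lower().endswith("@" + BTS_DOMAIN)]


def check_message(raw):
    """Parse a raw message and report whether it would reach the BTS encrypted."""
    msg = message_from_string(raw, policy=policy.default)
    encrypted = is_pgp_encrypted(msg)
    bts = bts_recipients(msg)
    return {
        "encrypted": encrypted,
        "bts_recipients": bts,
        # The failure mode from the thread: encrypted *and* sent to the BTS.
        "veiled": encrypted and bool(bts),
    }


# Constructed sample: PGP/MIME message to a bug address, CCing the uploader.
ENCRYPTED_TO_BTS = """\
From: contributor@example.org
To: 1234@bugs.debian.org
Cc: uploader@debian.org
Subject: Re: Bug#1234
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
placeholder-ciphertext-for-the-example
-----END PGP MESSAGE-----

--b1--
"""

# Constructed sample: the same reply sent in the clear.
PLAIN_TO_BTS = """\
From: contributor@example.org
To: 1234@bugs.debian.org
Cc: uploader@debian.org
Subject: Re: Bug#1234
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Hi, I can reproduce this on the current sid kernel.
"""


if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED_TO_BTS), ("plain", PLAIN_TO_BTS)):
        result = check_message(raw)
        status = "VEILED" if result["veiled"] else "ok"
        print(f"{name}: {status} (BTS recipients: {result['bts_recipients']})")
```

Wiring `check_message` into a sendmail wrapper or an msmtp pre-send hook turns the thread's one-by-one explanation into an automatic check: the message to the BTS is held back whenever it is encrypted, regardless of which client produced it.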
