
Doing something about "should remain private forever" emails


So everyone knows that the declassification of -private isn't going to happen 
any time soon. Why not do the opposite? There is probably more interest in 
that and it would be "easier" to implement.

At present, new DDs can access emails that were sent to -private years ago. 
People who might (or might not) be a member of the project and sent an email 
may not necessarily agree to that. Or a less controversial example: put 
simply, if an unauthorised person gets a hand on master.d.o there is no hope 
for those messages.

So, "the opposite" of declassifying: instead of finding out what can be 
declassified, remove all "should remain private forever", VAC, and similar 
messages from the archive and put them in a tarball which is later encrypted 
by a key that is to be split using SSS. Effectively preventing people from 
accessing those messages unless really necessary (to the extent that the 
cooperation from people who have a part of the shared secret is needed).

Let's call this "d-private burial".

The process could be done for all messages older than d days (365, for 
example) every m months (12, for example) and new tarballs could include the 
previous one, so that only one tarball exists in master.d.o. Access to old 
tarballs would then require those who have parts of the keys to the new ones 
and those with parts of the keys of the old ones - or cracking the 
encryption, whatever happens first.


From a bag of random, years-old, thoughts,
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
