On Mon, 05 Dec 2016 14:50:30 -0500
"William L. Thomson Jr." <wlt-ml@××××××.com> wrote:

> Also why is GPG signing no longer required?
>
> That alone can help ensure emails are coming from who they say they are. Not
> sure how I was able to sign an email with an email not part of my GPG key. Not
> sure if that is kmail bug or by design.

1. Obviously it would be harmful to require non-devs to sign all their email to the -dev ml

It would form a substantial barrier to discussion contribution.

2. Being lax here means there's no technical barrier preventing people
replying hastily to emails using their phone or somesuch, which may not be
equipped with satisfactory cryptography tools for GPG signing.

In fact, forcing GPG everywhere is more disposed to creating problems,
where people would employ weak GPG implementations just to circumvent the requirements,
or have weak GPG installs to make the hassle of constantly entering your GPG key
password go away, and/or distributing your GPG keys in unsafe ways.

It's better on an "as you need it" basis, where people who *want* to sign *can*
and are *encouraged* to.

And emails from @gentoo devs can be read without needing a signature, but
if it comes to a situation where a dev needs to put any kind of weight behind
that email, that is a situation where you can *require* GPG without needing
it being a blanket approach.

As long as you keep in mind that every unsigned email is potentially
a forgery, and that for sensitive matters a signed email is required,
then there is no real need for a technical gatekeeper that forces signatures.

I would instead hope for an alternative:

1. Emails from @gentoo devs without signatures are clearly marked as such
2. Emails from @gentoo devs *with* signatures have the signature verified
as being both a "known signer" in LDAP and a signer that corresponds to
the @gentoo email address, and are clearly marked if this validation fails.

This data would be especially helpful to display in archives etc, where
the GPG data and raw headers etc may be lost transiently on the way to the archive.

Presently, *only the messageid* gives away that this is a forgery:

https://archives.gentoo.org/gentoo-project/message/adc634b0fd1a8b42305bf783f06ac218
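
The marking scheme proposed in the message above, written out as an added example that is not part of the original post or of Gentoo's list software. It assumes the LDAP directory can be stood in for by a dictionary, that signature checking is done by an external OpenPGP verifier, and that "@gentoo" means the gentoo.org domain; all label names, addresses and fingerprints are made up.

```python
from email.utils import parseaddr

# Constructed stand-in for the LDAP lookup: developer address -> key fingerprints.
# Addresses and fingerprints are made up for this example.
LDAP_KEYS = {
    "alice@gentoo.org": {"A" * 40},
    "bob@gentoo.org": {"B" * 40},
}
DEV_DOMAIN = "gentoo.org"  # assumed domain behind "@gentoo" in the message


def classify(from_header, sig):
    """Return the label an archive could show next to one message.

    sig is None for unsigned mail, otherwise the result of an external
    OpenPGP verifier: {"valid": bool, "fingerprint": str}.
    """
    # Match on the addr-spec; the display name may contain any text,
    # including a developer address.
    addr = parseaddr(from_header)[1].lower()
    is_dev = addr.rpartition("@")[2] == DEV_DOMAIN
    if sig is None:
        return "dev-unsigned" if is_dev else "unsigned"
    if not sig["valid"]:
        return "bad-signature"
    if not is_dev:
        return "signed-non-dev"
    fpr = sig["fingerprint"].replace(" ", "").upper()
    # Check 1: is the key a "known signer" at all?
    if not any(fpr in keys for keys in LDAP_KEYS.values()):
        return "dev-signed-unknown-key"
    # Check 2: does the key belong to the address in From?
    if fpr not in LDAP_KEYS.get(addr, set()):
        return "dev-signed-key-mismatch"
    return "dev-verified"


# Constructed sample messages: (From header, verifier result).
SAMPLES = [
    ("Alice <alice@gentoo.org>", None),
    ("Alice <Alice@Gentoo.ORG>", {"valid": True, "fingerprint": "aaaa " * 10}),
    ("Alice <alice@gentoo.org>", {"valid": True, "fingerprint": "B" * 40}),
    ("Alice <alice@gentoo.org>", {"valid": True, "fingerprint": "C" * 40}),
    ('"alice@gentoo.org" <mallory@example.com>', None),
]

if __name__ == "__main__":
    for from_header, sig in SAMPLES:
        print(f"{classify(from_header, sig):24} {from_header}")
```

The third sample is the case raised in the quoted question: a valid signature from a known key that does not belong to the address in the From header.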