[dev] PGP keys for security at horde.org

Michael J Rubinsky mrubinsk at horde.org
Tue Jul 1 15:44:14 UTC 2014


Quoting Thomas Jarosch <thomas.jarosch at intra2net.com>:

> Hi,
>
> given the recent development in worldwide data snooping
> of government agencies, I guess it would be a good idea
> if there's a secure way to report issues to security at horde.org.
>
> Otherwise information about possible exploit vectors might fall
> into the "wrong" hands before a fix is publicly released.
>
> We could define a set of PGP keys on http://wiki.horde.org/SecurityManagement
> that could be used to report issues on the "security" email alias. Or we
> could create a distinct PGP key that's shared among a few trusted people.
>
> Opinions?

While I don't have any objections to creating a shared PGP key for
this purpose, there is really no way to enforce the use of sending an
encrypted email. This would require someone to search for, and find,
the keys to use. I just don't see the advantage if we can't enforce it.

-- 
mike
The Horde Project
http://www.horde.org
https://www.facebook.com/hordeproject
https://www.twitter.com/hordeproject