[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails



#5463: BridgeDB must GPG-sign outgoing mails
----------------------+-----------------------------------------------------
 Reporter:  rransom   |          Owner:                   
     Type:  defect    |         Status:  needs_information
 Priority:  critical  |      Milestone:                   
Component:  BridgeDB  |        Version:                   
 Keywords:            |         Parent:                   
   Points:            |   Actualpoints:                   
----------------------+-----------------------------------------------------
Changes (by aagbsn):

  * status:  new => needs_information


Comment:

 I wrote some (untested) code as starting point, using gpgpme (python-
 gpgme)

 https://gitweb.torproject.org/user/aagbsn/bridgedb.git/commit/c166119dec14584ad14dcf50b2a98ff9f719892a

 Now for some questions:

 Is it OK to use unprotected protected keyfile?
 Is gpg clearsign fine here?
 What sort of friendly and encouraging text do we want to include to
 inspire users to actually verify messages? And, if the instructions we
 link to are on www.tpo, and *.tpo is blocked, what now?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs