[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5463 [BridgeDB]: BridgeDB must GPG-sign outgoing mails
#5463: BridgeDB must GPG-sign outgoing mails
----------------------+-----------------------------------------------------
Reporter: rransom | Owner:
Type: defect | Status: needs_information
Priority: critical | Milestone:
Component: BridgeDB | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Changes (by aagbsn):
* status: new => needs_information
Comment:
I wrote some (untested) code as starting point, using gpgpme (python-
gpgme)
https://gitweb.torproject.org/user/aagbsn/bridgedb.git/commit/c166119dec14584ad14dcf50b2a98ff9f719892a
Now for some questions:
Is it OK to use unprotected protected keyfile?
Is gpg clearsign fine here?
What sort of friendly and encouraging text do we want to include to
inspire users to actually verify messages? And, if the instructions we
link to are on www.tpo, and *.tpo is blocked, what now?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5463#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs