= problem =
Fedora Security Team would like to start handling sensitive security issues. One requirement is to have a secure means of communicating among a trusted group of contributors.
= analysis =
Current email solutions, including private listserv instances, don't adequately protect sensitive security information.
= enhancement recommendation =
We would like to use something like https://github.com/letoams/openpgpkey-milter for incoming requests to security@fp.o so messages are re-encrypted to a small number of trusted individuals.
I'm really not sure how much more security this gets you... the email would travel accross who knows what mail servers to reach us before being encrypted.
Also, I love the disclaimer on that project... "prerelease software".
Replying to [comment:1 kevin]:
Well, the point is that the sender could use GPG to protect the email where the remailer would unencrypt the message and then encrypt it to the recipients of the group.
:)
Well, it's been 7 months here and the security group seems pretty quiet. Is this still desired? :grin:
Closing out.
:city_dusk:
Metadata Update from @kevin: - Issue close_status updated to: Will Not/Can Not fix - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.