On Thu, May 25, 2006 at 02:13:38AM +0200, Henning Makholm wrote:
> Scripsit "Kevin B. McCarty" <[EMAIL PROTECTED]>
>
> > Taken to extremes, this implies that (1) DD's should only receive mail
> > sent to boxes under their own control and (2) all mail passing through
> > debian-private should, for each subscriber to the list, be encrypted
> > individually to the public key on file for her/him.
>
> > Come to think of it, (2) isn't a bad idea. Is it feasible for this to
> > be done transparently?
>
> It may or may not be feasible to do it transparently on the list
> software side, but it certainly isn't feasible to do it on the reader
> side. I for one certainly am not going to make a daily effort to move
> mail from the internet-connected box to the one that knows my secret
> key, and type in my 100+ character passphrase several times in order
> just to get to know that ${INSERT_RANDOM_DD} will be on vacation.
> Better to drop -private completely then, and what does that gain
> anybody?
If we are to be paranoid, another possibility is that a POP server
is made available in a Debian controlled box just for debian-private
use by DD, so debian-private mail is sent there, and nowhere else, and
retrieved from there by DD. Some security adjustments might be needed.
--
Agustin
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
