Hey Peter, That's a good point. GPG and the like is completely worthless for mailing lists and in fact basically does not work. But it's super useful for private communications. So the idea is that you would use gpg and a CC list for any sensitive emails. I did not mean to imply we should use it for the list.
As to the inclusiveness, I see what you are getting at but I think there is more to it then that. Encryption does not have to be exclusive of working on a project. It's usually a good idea to designate a limited number of points of contact on things like this anyways. So those points of contact can be responsible for maintaining any sensitive information and such. Anyone can still work on the rest of the project, which will be the majority of it. Not everyone really needs to know the names of the people we are working with in Syria for it to all work out. The other thing about it is that whole first do no harm concept. While I totally believe in the importance of inclusiveness, I think doing no harm takes precedence. In the situation we are talking about with Syria people could be tortured and die if we leak the wrong information. I'm ok with sacrificing a little inclusiveness in order to make sure that does not happen. In fact not just ok, doing no harm is an absolute requirement for any project I am involved in. I'm going to take a leap and say that pretty much everyone here feels the same way. It's totally worth thinking about and discussing though, thanks for bringing it up. --Trevor ___________________________ Trevor R. Ellermann @trevorellermann K0DMA GPG Key: https://ellermann.net/trevor-gpg-public-key.asc On Mon, Jan 28, 2013 at 11:04 AM, Peter Wendorff <[email protected]> wrote: > Hi Trevor. > I agree that this is an issue, but what should GPG be good for in a public > mailinglist everybody might join without any barrier? > Anyone from any government, regime, rebell group, terrorists group or > whatever wherever and in whose point of view ever might join the list and > therefore get the decrypted emails. > Using GPG here does not keep the individuals reading/writing mails safe as > long as you use E-Mail as a medium and don't close the group to a trusted > p2p group (where everybody trusts everybody to exchange a key). > > Of course: > Nothing refering to individuals in any case where that might be an issue > should be posted publicly over the Mailinglist, but encryption in general > would strictly contradict the openness of everybody-can-join, which is one > core feature of the osm mailing list system, this list included. > > regards > Peter > > Am 28.01.2013 17:37, schrieb Trevor Ellermann: >> >> Hey All, >> >> As HOT talks about getting involved in Syria I want to take a moment >> to talk about security. Email is unencrypted by default and very easy >> to intercept. The Syrian regime is known to be snooping on all >> internet traffic in Syria. They have arrested, tortured and killed >> people and in some cases their families based on emails they have >> intercepted. >> >> I want to highlight the public-ness of this email list. You don't even >> have to intercept an email to read it and with the blog post, we >> likely have brought attention to it. So before you post anything at >> all to this list about Syria, please think first about the safety of >> the people on the ground over there. >> >> Here is a page with information on basic computer security. I highly >> recommend that everyone at least glance at it and hopefully learn how >> to use gpg. >> >> http://www.patternsinthevoid.net/security.html >> >> A separate email account for encrypted communications is sometimes >> preferred. I recommend riseup for that (https://riseup.net/en). >> >> If you have any questions, thoughts or comments please don't hesitate to >> ask. >> >> --T >> >> _______________________________________________ >> HOT mailing list >> [email protected] >> http://lists.openstreetmap.org/listinfo/hot >> > > > _______________________________________________ > HOT mailing list > [email protected] > http://lists.openstreetmap.org/listinfo/hot _______________________________________________ HOT mailing list [email protected] http://lists.openstreetmap.org/listinfo/hot
