Re: Why don�üt gnu.org and RMS sign mail? (was: Testing new mail server)
On Fri, 1 Nov 2019, Richard Stallman wrote: [[[ To any NSA and FBI agents reading my email: please consider]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > Somebody can make your settings such that you do not need to enter > passphrase, it would be kept in the file or provided as a string on > command line. > --passphrase-file file Thanks, but I really do not want to have my passphrase stored in a file on my computer. -- Dr Richard Stallman Yes. Two weeks ago I discovered that, as installed on my Debian up to date Debian systems, gpg does not actually encrypt a file. Not without disabling the absurd behavior of keeping the password around, and using it without asking me when I go to view the file. Richard and list folk! Please forgive me, but I will not be able to take much part, if any, in further conversation about this until some day likely a month from now. oo--JS. Founder, Free Software Foundation (https://gnu.org, https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)
Re: Why don't gnu.org and RMS sign mail? (was: Testing new mail server)
* Richard Stallman [2019-11-02 03:24]: > [[[ To any NSA and FBI agents reading my email: please consider]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > Somebody can make your settings such that you do not need to enter > > passphrase, it would be kept in the file or provided as a string on > > command line. > > > --passphrase-file file > > Thanks, but I really do not want to have my passphrase stored in a file > on my computer. My /home and /tmp and swap are always encrypted upon boot, and I decrypt it manually, not automatically. If computer is stolen, all information is encrypted, while encrypted backups are stored at other places. For security, if computer is turned on, and I am not in the room, the room is always closed. But if I die suddenly, nobody would get access into important information, unless I leave a write-up how to access such. Jean
Re: Why don�üt gnu.org and RMS sign mail? (was: Testing new mail server)
[[[ To any NSA and FBI agents reading my email: please consider]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > Somebody can make your settings such that you do not need to enter > passphrase, it would be kept in the file or provided as a string on > command line. > --passphrase-file file Thanks, but I really do not want to have my passphrase stored in a file on my computer. -- Dr Richard Stallman Founder, Free Software Foundation (https://gnu.org, https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)
Re: Why don�¼t gnu.org and RMS sign mail? (was: Testing new mail server)
* Richard Stallman [2019-11-01 03:22]: > [[[ To any NSA and FBI agents reading my email: please consider]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > I can't use GPG agent. The reasons are long and complex. Somebody can make your settings such that you do not need to enter passphrase, it would be kept in the file or provided as a string on command line. --passphrase-file file Read the passphrase from file file. Only the first line will be read from file file. This can only be used if only one passphrase is supplied. Obviously, a passphrase stored in a file is of questionable security if other users can read this file. Don't use this option if you can avoid it. Note that since Version 2.0 this passphrase is only used if the option --batch has also been given. Since Version 2.1 the --pinentry-mode also needs to be set to loopback. --passphrase string Use string as the passphrase. This can only be used if only one passphrase is supplied. Obviously, this is of very question‐ able security on a multi-user system. Don't use this option if you can avoid it. Note that since Version 2.0 this passphrase is only used if the option --batch has also been given. Since Version 2.1 the --pinentry-mode also needs to be set to loopback.
Re: Why donʼt gnu.org and RMS sign mail? (was: Testing new mail server)
* Richard Stallman [2019-10-31 03:11]: > [[[ To any NSA and FBI agents reading my email: please consider]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > I never sign my email. It would require typing my passphrase, > which is rather long, each time. The GPG Agent can cache the passphrase for long time.
Re: Why donʼt gnu.org and RMS sign mail? (was: Testing new mail server)
[[[ To any NSA and FBI agents reading my email: please consider]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] I never sign my email. It would require typing my passphrase, which is rather long, each time. -- Dr Richard Stallman Founder, Free Software Foundation (https://gnu.org, https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)
Why donʼt gnu.org and RMS sign mail? (was: Testing new mail server)
Mike Gerwitz wrote: > On Mon, Oct 28, 2019 at 19:51:04 +0200, Richard Stallman wrote: >> Testing new mail server. > > This email is not legitimate---it did not originate from rms. The headers > indicate it comes from the same host that attempted to imitate bill-auger on > gnu-linux-libre list. > > I'll forward to the appropriate people. This is a significant problem. This made me extremely curious: why does neither gnu.org sign mail server-side with DKIM, nor RMS sign his own with GPG? Is there any idea behind it? signature.asc Description: PGP signature
Re: Testing new mail server
On Mon, Oct 28, 2019 at 19:51:04 +0200, Richard Stallman wrote: > [[[ To any NSA and FBI agents reading my email: please consider]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden\'s example. ]]] > > Testing new mail server. This email is not legitimate---it did not originate from rms. The headers indicate it comes from the same host that attempted to imitate bill-auger on gnu-linux-libre list. I'll forward to the appropriate people. This is a significant problem. -- Mike Gerwitz Free Software Hacker+Activist | GNU Maintainer & Volunteer GPG: D6E9 B930 028A 6C38 F43B 2388 FEF6 3574 5E6F 6D05 https://mikegerwitz.com signature.asc Description: PGP signature
Re: Testing new mail server
blague Le lun. 28 oct. 2019 à 20:33, Jose E. Marchesi a écrit : > > > Testing new mail server. > > pong. > -- Amirouche ~ https://hyper.dev
Re: Testing new mail server
Testing new mail server. pong.
Testing new mail server
[[[ To any NSA and FBI agents reading my email: please consider]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden\'s example. ]]] Testing new mail server. -- Dr Richard Stallman Founder, Free Software Foundation (https://gnu.org, https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)