Re: [qubes-users] disable split-gpg notifications?

[Andrew David Wong]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

On 2016-11-18 09:39, Michael Carbone wrote:
> Marek Marczykowski-Górecki:
>> On Fri, Nov 18, 2016 at 02:49:00PM +, Michael Carbone wrote:
>>> Is there an easy way to disable split-gpg notifications? They are just
>>> screen noise, and in XFCE cover the time and systray by default.
>>
>> The easy (hacky) way is to comment out notify-send in
>> /etc/qubes-rpc/qubes.Gpg.
> 
> thanks.
> 
>>> From a security perspective without timestamps in the access logs
>>> (https://github.com/QubesOS/qubes-issues/issues/1835) a malicious
>>> pre-approved email client could just decrypt emails in mass when the
>>> user is AFK to avoid notifying the user, so I see little security benefit.
>>
>> That's true indeed. I wonder if blocking split-gpg while screenlocker is
>> engaged would make sense? Currently similar purpose have confirmation
>> with a 5min timeout.
> 
> I think that's an excellent idea.
> 

Ticket: https://github.com/QubesOS/qubes-issues/issues/2443

- -- 
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
-BEGIN PGP SIGNATURE-

iQIcBAEBCgAGBQJYMEWqAAoJENtN07w5UDAwzMsQAMcCQDNd17+adBDMCVLqnTEm
DvDWu8LKOHmAMaOjK4LLIP34XOt4p/0MZd+wk78DsClx/CZqsATxNXspKKXaksUn
5XoDrh5dyuwTYfqcuPhwguMEI2gtbhaNKg4ayJ0jlqO1W50uVowE10ARIQnfmjiN
j5qKKGHOj+ZrGKzSrNjFH4iURGLzPvIBKuv9/LXRcLyJj1isDxEBBRyZyNOSKxkS
QoNnq6ATDWC4j0itPxwg32S2YnOniE1c1EVbrfprDeB85XRkVbQFeO2CpzEuGFGa
srZUBaGdqi2UZgUecW39oQe27qWCpI3pk/RPwPU/zNuzUId06BYkP6q1bJyl/9Fw
0eOiPqVhMVpIr7aCXfJh6uro+zI0/jTdEGhYjdGc1gm6MiVaYbSeaJncXvNG9u/z
IBXF1+YVonDVxbZuHczy+J/Ae6g6l5hRlKHa4hDTgQphR/IaklXGsuUYvu/dfKFd
/aFyWeexxzuE+B7IKTu6RUhO7JySM93U8OYRYd4tircCPA30zf8NlOll0NEd3M+C
kkD+hRXCqifsWmSDlm9X3rOpX7PPs7lI52mJTlzgLOQdDYEbOtUOcP4JKrujMzJt
HeqADkTyP4pjiqAnoFSNc12kDOrBwukJvqK0wReisUnuqT0q2TTcBhM6mU55bTOB
uW1AzgDOeR+zHjyivNCk
=pMpg
-END PGP SIGNATURE-

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/78bbb538-4bca-3120-3527-1c581b10e0cd%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

Re: [qubes-users] disable split-gpg notifications?

[Michael Carbone]

Marek Marczykowski-Górecki:
> On Fri, Nov 18, 2016 at 02:49:00PM +, Michael Carbone wrote:
>> Is there an easy way to disable split-gpg notifications? They are just
>> screen noise, and in XFCE cover the time and systray by default.
> 
> The easy (hacky) way is to comment out notify-send in
> /etc/qubes-rpc/qubes.Gpg.

thanks.

>> From a security perspective without timestamps in the access logs
>> (https://github.com/QubesOS/qubes-issues/issues/1835) a malicious
>> pre-approved email client could just decrypt emails in mass when the
>> user is AFK to avoid notifying the user, so I see little security benefit.
> 
> That's true indeed. I wonder if blocking split-gpg while screenlocker is
> engaged would make sense? Currently similar purpose have confirmation
> with a 5min timeout.

I think that's an excellent idea.

-- 
Michael Carbone

Qubes OS | https://www.qubes-os.org
@QubesOS 

PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/e391c797-5076-2955-77a1-597ebf302b9e%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.

[qubes-users] disable split-gpg notifications?

[Michael Carbone]

Is there an easy way to disable split-gpg notifications? They are just
screen noise, and in XFCE cover the time and systray by default.

>From a security perspective without timestamps in the access logs
(https://github.com/QubesOS/qubes-issues/issues/1835) a malicious
pre-approved email client could just decrypt emails in mass when the
user is AFK to avoid notifying the user, so I see little security benefit.

Thanks,
Michael

-- 
Michael Carbone

Qubes OS | https://www.qubes-os.org
@QubesOS 

PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4


-- 
You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-users/bb8d2ad3-732c-0cff-f6e1-1046959cb8c9%40qubes-os.org.
For more options, visit https://groups.google.com/d/optout.