GNU bug report logs -
#47660
Add link to the ticket when someone reply
Previous Next
Reported by: bo0od <bo0od <at> riseup.net>
Date: Thu, 8 Apr 2021 17:40:01 UTC
Severity: normal
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
Not gonna go with details about email thing (not what the ticket is
about), But just clarify what you asked:
> I couldn't parse this. What does ‘they are exist by names but does
nothing’
> mean?
having TLS connection is not oh wow im secured now. TLS has versions and
many other stuff like ciphers , HSTS ...etc if not all of them lined
securely mean secure TLS version, secure ciphers,...etc you gonna have
TLS/https just by name, but it makes no different from having it or not.
Check for e.g: DEF CON 17 - Moxie Marlinspike - More Tricks for
Defeating SSL
https://yewtu.be/watch?v=5dhSN9aEljg
So as for DNS (DNSSEC..etc).
Hope this clarify the sentence.
> Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on
yeah sadly just no respond (wasn't surprised)
Maxime Devos:
> On Thu, 2021-04-15 at 17:00 +0000, bo0od wrote:
>> To be honest i find this bad thing to use emails to do anything rather
>> than online registration and not necessary stuff (means being
>> encrypted,manipulated.. just not something important)
>
> To be honest, I find it a bad thing that many projects (I'm looking at
> GitHub here (*)) only have a web interface, that require registration
> (and often have terms of service I would consider criminal). Then there
> are multiple web sites requiring registration that I need to keep track
> of.
>
> (*) Ok, GitHub has e-mail notifications. But I can't directly reply to them,
> I need to go to the web interface. At least, that was the case N years ago.
>
> I like being able to perform all asynchronuous communication via e-mail,
> instead of via a dozen platforms. With e-mail, you get signing ‘for free’,
> while with $PLATFORMS, you need to rely on each $PLATFORM infrastructure
> or resort to ...
>
> (my intepretation of your words, out of context, with encryption replaced with
> signing)
>> extra tools, where you have to copy the message into the tool, let the
>> tool verify the signature. Or write a message into the tool, let the
>> tool create the signature, and copy the message+signature into the web
>> interface.
>
>> Email sucks due to:
>> * Messages are not encrypted by default which mean it need an extra tool
>> to do it and commonly used is GPG/PGP + it needs tool to implement this
>> encryption on the messages which mean mail reader/client most commonly
>> one used is thunderbird/icedove <- This method having tremendous
>> security issues check for example: [...]
>
> Not relevant for our purposes. Issues are public. Only PGP for signing is
> relevant here. Also, PGP + Evolution works just fine for me, and evolution
> doesn't download external attachements by default.
>
>> * Most of the time (not always) heavily rely on clearnet which mean
>> issues of TLS/DNS which needs to be hardened otherwise they are exist by
>> names but does nothing.
>
> I couldn't parse this. What does ‘they are exist by names but does nothing’
> mean?
>
>> ..This is out of scope to discuss this in details, I just want to see
>> the bug URL linked to the bottom of the email i receive thats it.
>
> Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on
> that project's mailing lists. Now I see you did that already:
> <https://lists.gnu.org/archive/html/help-debbugs/2021-04/msg00000.html>.
>
> I don't have anything else to say on this topic; I'm not sending further replies.
>
> Greetings,
> Maxime.
>
This bug report was last modified 3 years and 149 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.