GNU bug report logs -
#47660
Add link to the ticket when someone reply
Previous Next
Reported by: bo0od <bo0od <at> riseup.net>
Date: Thu, 8 Apr 2021 17:40:01 UTC
Severity: normal
Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Bug is archived. No further changes may be made.
Full log
Message #35 received at 47660 <at> debbugs.gnu.org (full text, mbox):
Not gonna go with details about email thing (not what the ticket is
about), But just clarify what you asked:
> I couldn't parse this. What does ‘they are exist by names but does
nothing’
> mean?
having TLS connection is not oh wow im secured now. TLS has versions and
many other stuff like ciphers , HSTS ...etc if not all of them lined
securely mean secure TLS version, secure ciphers,...etc you gonna have
TLS/https just by name, but it makes no different from having it or not.
Check for e.g: DEF CON 17 - Moxie Marlinspike - More Tricks for
Defeating SSL
https://yewtu.be/watch?v=5dhSN9aEljg
So as for DNS (DNSSEC..etc).
Hope this clarify the sentence.
> Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on
yeah sadly just no respond (wasn't surprised)
Maxime Devos:
> On Thu, 2021-04-15 at 17:00 +0000, bo0od wrote:
>> To be honest i find this bad thing to use emails to do anything rather
>> than online registration and not necessary stuff (means being
>> encrypted,manipulated.. just not something important)
>
> To be honest, I find it a bad thing that many projects (I'm looking at
> GitHub here (*)) only have a web interface, that require registration
> (and often have terms of service I would consider criminal). Then there
> are multiple web sites requiring registration that I need to keep track
> of.
>
> (*) Ok, GitHub has e-mail notifications. But I can't directly reply to them,
> I need to go to the web interface. At least, that was the case N years ago.
>
> I like being able to perform all asynchronuous communication via e-mail,
> instead of via a dozen platforms. With e-mail, you get signing ‘for free’,
> while with $PLATFORMS, you need to rely on each $PLATFORM infrastructure
> or resort to ...
>
> (my intepretation of your words, out of context, with encryption replaced with
> signing)
>> extra tools, where you have to copy the message into the tool, let the
>> tool verify the signature. Or write a message into the tool, let the
>> tool create the signature, and copy the message+signature into the web
>> interface.
>
>> Email sucks due to:
>> * Messages are not encrypted by default which mean it need an extra tool
>> to do it and commonly used is GPG/PGP + it needs tool to implement this
>> encryption on the messages which mean mail reader/client most commonly
>> one used is thunderbird/icedove <- This method having tremendous
>> security issues check for example: [...]
>
> Not relevant for our purposes. Issues are public. Only PGP for signing is
> relevant here. Also, PGP + Evolution works just fine for me, and evolution
> doesn't download external attachements by default.
>
>> * Most of the time (not always) heavily rely on clearnet which mean
>> issues of TLS/DNS which needs to be hardened otherwise they are exist by
>> names but does nothing.
>
> I couldn't parse this. What does ‘they are exist by names but does nothing’
> mean?
>
>> ..This is out of scope to discuss this in details, I just want to see
>> the bug URL linked to the bottom of the email i receive thats it.
>
> Guix' bug tracking software is ‘GNU Bug Tracker’. You could ask it on
> that project's mailing lists. Now I see you did that already:
> <https://lists.gnu.org/archive/html/help-debbugs/2021-04/msg00000.html>.
>
> I don't have anything else to say on this topic; I'm not sending further replies.
>
> Greetings,
> Maxime.
>
This bug report was last modified 3 years and 149 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.