Security response team
I think we need to form a security response team to be contacted for responsible disclosure. We could set up a shared email account and share a PGP keypair which we each sign with our own keys.
Flaburgan Fri 22 Feb 2013 1:06PM
Hm, I don't think I have the competence to be in, so, without me ;)
Florian Staudacher Fri 22 Feb 2013 2:23PM
+1
goob Fri 22 Feb 2013 4:06PM
It sounds like a very good idea, but like Fla I don't think I have the competence, I'm afraid.
(I have a mental picture of you all in riot gear and assault rifles, going in like a SWAT team...)
Jason Robinson Fri 22 Feb 2013 8:21PM
+1 for this, but I think I'll stay out, way too many things going on :P
(offtopic maybe but don't really understand the PGP part? Isn't the point to receive alerts and act on them? :P)
Jonne Haß Fri 22 Feb 2013 8:52PM
PGP for the paranoid so that they can send us encrypted mails and it doesn't matter if the mailbox gets hijacked or the mail gets intercepted or whatever. Just common practice and can't do harm ;) So any suggestions where to get a mailbox?
Jason Robinson Fri 22 Feb 2013 9:26PM
The paranoid will probably not even send emails to gmail :P
Jonne Haß Fri 22 Feb 2013 9:38PM
Well, with PGP they could, Gmail won't be able to read them ;)
Tom Scott Sun 24 Feb 2013 7:58AM
+1 definitely.
Flaburgan Mon 25 Feb 2013 9:02AM
@jonneha what about creating an email on @diasporaproject.org when Sean has access to it? We certainly have an email server somewhere (with OVH, I have an email address with every domain name I have, maybe it's the same here)
Jonne Haß · Fri 22 Feb 2013 11:20AM
Count me in, who's with me?