gchristensen changed the topic of #nixos-security to: Vulnerability Roundup Issues: https://github.com/NixOS/nixpkgs/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+Vulnerability+roundup + https://broken.sh
_ris has joined #nixos-security
ris has quit [Ping timeout: 246 seconds]
tilpner_ has joined #nixos-security
tilpner has quit [Ping timeout: 240 seconds]
tilpner_ is now known as tilpner
_ris has quit [Read error: Connection reset by peer]
_ris has joined #nixos-security
rajivr has joined #nixos-security
andi- has quit [Ping timeout: 272 seconds]
andi- has joined #nixos-security
_ris has quit [Ping timeout: 246 seconds]
_ris has joined #nixos-security
LnL has quit [Ping timeout: 260 seconds]
LnL has joined #nixos-security
LnL has joined #nixos-security
LnL has quit [Changing host]
_ris has quit [Ping timeout: 246 seconds]
_ris has joined #nixos-security
MichaelRaskin has quit [Quit: MichaelRaskin]
FRidh has joined #nixos-security
garbas has joined #nixos-security
<{^_^}> nixos-homepage#480 (by mweinelt, 2 days ago, open): Migrate the security teams GPG key download to keys.openpgp.org
kleisli has quit [Ping timeout: 256 seconds]
kiwiirc has joined #nixos-security
rajivr has quit [Quit: Connection closed for inactivity]
ckauhaus has joined #nixos-security
justanotheruser has quit [Ping timeout: 272 seconds]
justanotheruser has joined #nixos-security
<gchristensen> hexa-: is there something other than gpg I could use?
<hexa-> gchristensen: with email or in general?
<gchristensen> instead of a gpg key on the security team page
<hexa-> Yikes
<hexa-> Nothing is as universal as email
<gchristensen> I mean, I'm fine with receiving email
<gchristensen> my impression is the BSD folks have been leading the pack moving away from GPG
<hexa-> And you obviously want public key crypto so you can preshare your pubkey
<gchristensen> yeah
<gchristensen> but this remains their reporting policy, meanwhile Filippo Valsorda also loves to dog on GPG and implement tools I like (like age) and suggests there are ready and convenient alternatives
<gchristensen> so then I'm left wondering, why have they stuck to gpg for this
<hexa-> There is age by Filippo Valsorda, but it's nowhere near as integrated anywhere
<gchristensen> yeah
<hexa-> Ah, I'm on mobile
<hexa-> And therefore slow 😄
<gchristensen> ahh sorry to rush you :)
<hexa-> I could've chosen to reply later 😃
<hexa-> So it's the integration story that is lacking
<hexa-> You can publish your age pubkey, but the medium would be unclear I guess
<hexa-> There is also saltpack which I like a lot, but that's even less integrated anywhere but on keybase
<gchristensen> the integration would be a convenience for the sender
<gchristensen> since I have no such integration
<hexa-> And then there is the messenger category, which imo is a poor transport for these kinds of things
<gchristensen> oh I got the attention of emaste. cool.
<gchristensen> I don't feel responsible enough to have a pgp key
<hexa-> Does anyone?
<gchristensen> I feel it is sort of a litmus test for "should I trust your pgp key?" if you say yes, I shouldn't
<hexa-> I'm just saying it's not very user friendly.
<gchristensen> me too :)
<hexa-> My rsa2048 key is from 2010 and I should really retire it for something more modern, but alas I'm hesitant because it's very well distributed 🙈
<gchristensen> a significant problem
<hexa-> It's a hassle
_ris is now known as ris
kleisli has joined #nixos-security
<qyliss> My key will expire in a month, and there's nothing I can do about it because the master key is on a Yubikey 1000 miles away, which I can't really get to because of the virus
<qyliss> Not a threat model I considered when I set things up :P
<Valodim> phew, that's a tough one :)
<qyliss> I might arrange to have it mailed to me
<qyliss> But if it gets lost in the post then that's that
<qyliss> Or, maybe I have a backup somewhere?
<qyliss> I don't actually remember
<Valodim> the primary key is only as valuable as the operations it performs itself. offline primary keys aren't as useful as one might think
<Valodim> for typical users who don't sign keys for WoT purposes, the set of those operations will be only the management of subkeys. and those in particular don't really count because if any subkey is lost for whatever reason, it's not really an option to rotate those and keep using the same primary key
<gchristensen> I'm not sure it is worth trying to discuss if the base-line "PGP has probelems" isn't even there
FRidh has quit [Ping timeout: 260 seconds]
FRidh has joined #nixos-security
kleisli has quit [Remote host closed the connection]
kleisli has joined #nixos-security
FRidh has quit [Quit: Konversation terminated!]
ckauhaus has quit [Quit: WeeChat 2.7.1]
kleisli has quit [Remote host closed the connection]
kleisli has joined #nixos-security
justanotheruser has quit [Ping timeout: 264 seconds]
justanotheruser has joined #nixos-security
c74d has joined #nixos-security
anselmolsm has joined #nixos-security