MOZILLA's GnuPG/PGP key-signing session, October 3rd
Former subject was the somewhat longer-titled
'[sf-lug] [BALUG-Talk] Fwd: GnuPG / PGP key signing party October 3rd 2017'
Quoting <Michael.Paoli at cal dot berkeley dot e d U>,
at least from [1] and also from [2]:
~~~~~~~~~~~~~~~~~~~~~~
[DO NOT REPLY-ALL UNLESS YOU'RE SUBSCRIBED TO ALL LISTS!]
NOTE ALSO THAT appears (free) "ticket" is REQUIRED to attend this event.
Passing this along, as it looks like it didn't make it to
at least …
[View More]several lists (non-member posting and/or too many recipients):
----- Forwarded message from lhirlimann at mozilla.com -----
Date: Thu, 20 Jul 2017 10:51:18 +0200
From: "Ludovic Hirlimann" <lhirlimann at mozilla.com>
Subject: GnuPG / PGP key signing party October 3rd 2017
To: buug at buug.org, Michael.Paoli at cal.berkeley.edu,
talk at nblug.org, balug-talk at lists.balug.org, svlug at lists.svlug.org,
sf-lug at linuxmafia.com, info at eblug.org, bad at bad.debian.net,
penlug-members at new.penlug.org, bale at linuxmafia.com, meyering at fb.com
Hello my name is ludovic,
I'm a sysadmins at mozilla working remote from europe. I'm organizing
a pgp Key
signing party in the Mozilla san francisco office
(https://wiki.mozilla.org/People:MozSpaces_Guidelines:San_Francisco)
on October the 3rd 2017 from 6PM to 8PM.
~~~~~~~~~~~~~~~~~~~~~~
Ah, so a Mozilla employee is remotely organizing a GnuGP/PGP key-signing
session happening at one of the parent company's main U.S. West Coast
offices.
IMHO, the timing of this session is ever-so-slightly suspicious given that
it's happening just over one month before the planned release date of
Mozilla Firefox's extensions-busting version 57 [3]; intentionally
released to cut down the browser usage percentage of Google's Chrome
browser [4] as well as possibly that of the open-sourced Chromium browser
[5].
One would hope that there will be _no_ data-collection and storage of
participants' _personal_ information before/during/following the time of
this Mozilla key-signing-only event, and well in advance of the FF57
release date......
>From what I'm seeing now, and FWIW, both the 64-bit open source Brave*
browser [6] and the 32-bit open source Palemoon browser [7] will _still_
be supporting many of our most important browser extensions into the near
future.
*An interesting fact to note about Brave is that their Mission District HQ
[8] is ~3/4 hr MUNI busride from Mozilla's SF offence [9] ear Rincon
Point.
Comments from announcement-forwarder Michael P, from Rick M, and from
others are expected and of course welcome :-)
-A
References
============
[1] linuxmafia.com/pipermail/sf-lug/2017q3/012773.html
[2]
https://temp.balug.org/pipermail/balug-talk/2017-August/000005.html
[3]
https://www.cnet.com/special-reports/mozilla-firefox-fights-back-against-go…
[4] https://www.google.com/chrome/browser/index.html
[5] https://www.chromium.org/Home
[6] https://www.brave.com
[7] https://www.palemoon.org
[8] https://www.brave.com/about/
[9] https://wiki.mozilla.org/People:MozSpaces_Guidelines:San_Francisco
[View Less]
Just so everyone is also aware, BALUG lists are publicly archived
(I believe that's always been the case, and is reasonably clear on
the lists' pages).
Also, on the new infrastructure, the
full raw archive (mbox) files are also available.
They can be found on the lists' archive pages,
the link on each labeled:
download the full raw archive
Note that the old archives aren't merged in yet, but expecting
to have that completed in the near future.
Also, planning to make those full raw archive …
[View More]mbox files
available via rsync - that will also be more handy/useful/efficient,
as some missing bits of the archives get filled in later
(don't presume the mbox files are append-only ... though they
will generally be append-mostly). Over the years, there have
been multiple occasions where DreamHost.com lost some or all
of our archives (at least on some of our lists). Still hoping
to later reinject and restore that, from other copies we have
or may be able to obtain.
That also means that anyone has the ability to backup the
entire raw mbox archive. :-) Making those raw mbox
archives public wasn't even an option with DreamHost.com
(at least through current version of MailMan, it's a global
option setting, and not per-list. DreamHost.com hosted many
lists from many customers, so didn't reasonably have a way to
adjust that on a per-customer or per-list basis).
Two most important assets of list, are the archives, and the
members/roster - with those it's always possible to recreate
the list if needed/warranted. Without those, not so easy
to infeasible.
> From: "Michael Paoli" <Michael.Paoli(a)cal.berkeley.edu>
> To: BALUG-Test <balug-test(a)temp.balug.org>
> Subject: BALUG-Test: full raw mbox archive publicly available
> Date: Tue, 11 Jul 2017 07:34:46 -0700
> And yes, the full raw mbox archive for BALUG-Test
> is publicly available:
> $ curl -I https://temp.balug.org/pipermail/balug-test.mbox/balug-test.mbox
> HTTP/1.1 200 OK
> Date: Tue, 11 Jul 2017 14:29:02 GMT
> Server: Apache/2.4.10 (Debian)
> Last-Modified: Tue, 11 Jul 2017 14:23:34 GMT
> ETag: "a046-5540b71d48512"
> Accept-Ranges: bytes
> Content-Length: 41030
> Content-Type: application/mbox
>
> $
> Procedure documented on:
> https://www.wiki.balug.org/wiki/doku.php?id=balug:mail_and_lists
> notably:
> o Y full mbox archive publicly available; procedure:
> add:
> PUBLIC_MBOX = Yes
> to file:
> /etc/mailman/mm_cfg.py
> restart mailman
> for existing lists, toggling archive from public to private and
> back again seems sufficient to then create the needed link
>
> Also making it available via public rsync is on the todo list, but
> not towards the higher/highest priority bits.
> "Not worse than" migration off of DreamHost.com is higher on the priorities.
> Additional improvements generally come later.
[View Less]
So, ... I'm looking for recommendations.
The basic context:
using /etc/aliases (or equivalent) to simply and directly forward/alias
email out onto The Internet at large, is in general a bad idea
(particularly in the days of spam, and anti-spam, etc., among other
factors).
Our existing old hosting on DreamHost.com uses a fair bit of that. 8-O
Need to migrate that functionality off of DreamHost.com.
I'm looking for a way to make that migration that at least
partially fixes the issues with …
[View More]such overly simplistic aliases.
Notably such "aliased"/forwarded email ought be sent out with
appropriate Sender: or similar header(s) (Resent-From: ?) and envelope
FROM showing (re)origination from domain of the forwarding host (@balug.org
or subdomain thereof).
Ideally, a relatively simple near-drop-in replacement that could go
into /etc/alises, that would, rather than do overly simple (and problematic)
aliases such as:
some-alias(a)balug.org: bob(a)example.com jane(a)example.com ...
might implement something more like:
some-alias(a)balug.org: "|resend bob(a)example.com jane(a)example.com"
Also, for these purposes, do not want the complexity of mail lists,
e.g. don't need or want subscribe/unsubscribe, archives, etc.
At present @balug.org has at least 28 distinct aliases - certainly
don't want to manage or have to deal with 28+ additional email lists.
The target infrastructure is:
Debian oldstable
Debian GNU/Linux 8.9 (jessie) x86_64
MTA: exim4
(will get upgraded to stable at some point, but for the short to
medium-term future or so, it's oldstable, and need to implement
solution on oldstable).
Thanks in advance regarding recommendations/pointers. :-)
[View Less]
[DO NOT REPLY-ALL UNLESS YOU'RE SUBSCRIBED TO ALL LISTS!]
NOTE ALSO THAT appears (free) "ticket" is REQUIRED to attend this event.
Passing this along, as it looks like it didn't make it to
at least several lists (non-member posting and/or too many recipients):
----- Forwarded message from lhirlimann(a)mozilla.com -----
Date: Thu, 20 Jul 2017 10:51:18 +0200
From: "Ludovic Hirlimann" <lhirlimann(a)mozilla.com>
Subject: GnuPG / PGP key signing party October 3rd 2017
To: …
[View More]buug(a)buug.org, Michael.Paoli(a)cal.berkeley.edu,
talk(a)nblug.org, balug-talk(a)lists.balug.org, svlug(a)lists.svlug.org,
sf-lug(a)linuxmafia.com, info(a)eblug.org, bad(a)bad.debian.net,
penlug-members(a)new.penlug.org, bale(a)linuxmafia.com, meyering(a)fb.com
Hello my name is ludovic,
I'm a sysadmins at mozilla working remote from europe. I'm organizing
a pgp Key
signing party in the Mozilla san francisco office
(https://wiki.mozilla.org/People:MozSpaces_Guidelines:San_Francisco)
on October the 3rd 2017 from 6PM to 8PM.
For security and assurances reasons I need to count how many people
will attend. I'v
setup a eventbrite for that at
https://www.eventbrite.com/e/pgp-key-signing-party-in-san-francisco-tickets…
<http://t.umblr.com/redirect?z=https%3A%2F%2Fwww.eventbrite.com%2Fe%2Fgnupg-…>
(please take one ticket if you think about attending - If you change
you mind cancel so more people can come). Also it helps for counting pizza as
I'm trying to get some pizza while we chat and sign keys.
I will use the eventbrite tool to send reminders and I will try to make
a list with keys and fingerprint before the event to make things more
manageable - if you want to be on that list please send me an eamil
with key IDs so I can build it.
To make the event more visible I've created a lanyrd entry at :
http://lanyrd.com/2017/pgp-key-signing-party-in-san-francisco/
An upcoming event at :
https://upcoming.org/event/pgp-key-signing-party-42p3iubxhi
feel free to add yourselves on these, but getting a ticket is
mandatory so I can manage
security on siet and insurances etc ....
I will advertise this on twitter and mastodon (I'm @lhirlimann and
usul(a)mamot.fr), retweet
and boost wanted.
Ludovic
ps sending this to a lot of people, to get more visibility. Feel free
to pass this along to interested parties
(eg I was unable to find a live BSD group)
ps2 I will also contact people listed on biglumber to have more gpg related
people show up.
--
:Usul in #moc on irc.mozilla.org
Mozilla Operation Center
http://www.hirlimann.net/Ludovic/carnet/
----- End forwarded message -----
[View Less]
The BALUG-Talk list migration did go quite smoothly.
Still need to migrate the list archives, but will
get to that.
A couple other bits one might want to be aware of on the new hosting:
Also note, with the new infrastructure, notably anti-spam measures and
greylisting, postings to the list may not appear quite immediately -
especially if one hasn't posted to the list before or in some fair while
(or notably from the same SMTP sending IP address before). So one may
see an initial delay of a …
[View More]couple minutes up to about five
minutes or so (depending upon one's sending MTA) or more.
Also, while the site will generally be up, available, and on-line,
it's not exactly a high-availability infrastructure - so if at any point
it appears to not be available, rest assured we'll take care of it (and
any postings sent earlier, will still generally still make it - may just
take a bit longer in such circumstances).
[View Less]
BALUG-Talk list migrating!
This should be the last post from the list's old hosting location.
The old location of the list (and its archives) should be treated
as "read-only" - the "Emergency moderation" is set on the list, and no
postings should be approved.
Expect some email(s) once the migration has completed.
You can also check back later at:
http://www.balug.org/#Lists
for status, links, etc.