Security Tracker Emails: Strip the Body Field Or Encrypt with Recipient's Pubic GPG Key

Created on 10 October 2014, about 10 years ago

Updated 9 December 2024, 13 days ago

This issue was spun off from #2344581: [META] Securing Security Team Communications and Conversations → (see comments #4 through #15). The goal is to not disclose sensitive information over email in an unencrypted form. The proposal in #8 on the parent issue was discussed as an agreeable solution. In essence, a security team member would either:

1. Upload their public GPG key to their profile, which would be used to encrypt the body/description field.
2. If a key is not present, strip the body/description field out of the email altogether.

@killes was mentioned to be working on this, hence the desire to split off a second ticket so that we could track that progress and provide assistance.

✨ Feature request

Status

Closed: won't fix

Version

1.0

Component

Code

Created by

🇺🇸United States rickmanelius

Live updates comments and jobs are added and updated live.

Comments & Activities

Comment 13 days ago →
🇺🇸United States greggles Denver, Colorado, USA
This seems oudated/not necessary.

Feel free to reopen if you feel it's still necessary.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024