Issue 2551152
Created on 2021-08-15 04:02 by rouilj, last changed 2021-08-16 10:14 by ThomasAH.
msg7317 | Author: [hidden] (rouilj) | Date: 2021-08-15 04:02
The user manual and admin manual are missing directions on how to
deploy/use PGP encrypted emails.
The user manual should include how to set the public key. Setup
on the client side to PGP sign the email should not be included.
Admin manual should discuss settings and what needs to be set up
in the config.ini file to sign/encrypt emails.
From what I just scanned it looks like the key needs to be on the
filesystem??? I would expect pgp pub keys to be uploadable via the
web interface.
msg7318 | Author: [hidden] (ThomasAH) | Date: 2021-08-16 10:14
Yes, the system account running roundup needs to have the keys available in
the default keyring, so you need to use "gpg --import" to import keys of
users, and you need to generate a secret key for the tracker on the command
line, too.
Allowing key updates via the web interface would need very good verification
so that keys only contain email addresses that are valid for this user.
And if a key (or encryption subkey) expires, you can't add new messages to
issues where the corresponding user is in the nosy list, so I have created
https://hg.intevation.de/adminton/file/default/shebang/gpg-keyring-check-expire
to check for keys that will expire in the near future.
I run this once per week via crontab.
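
An added example, not part of the thread and not the gpg-keyring-check-expire script linked above: one way to do the expiry check described in msg7318 by parsing `gpg --list-keys --with-colons` output and reporting primary keys and encryption subkeys that are expired or close to expiry. The function name, the 30-day threshold and the sample listing are assumptions made for this example.

```python
from datetime import datetime, timezone

# Constructed sample in the format of `gpg --list-keys --with-colons`
# (key IDs, names and dates are made up for this example).
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1600000000:::u:::scESC::::::23::0:
uid:u::::1600000000::0000::Tracker <tracker@example.org>::::::::::0:
sub:u:4096:1:AAAAAAAAAAAAAAA1:1600000000::::::e::::::23:
pub:f:4096:1:BBBBBBBBBBBBBBBB:1600000000:1893456000::-:::scESC::::::23::0:
uid:f::::1600000000::0000::Alice <alice@example.org>::::::::::0:
sub:f:4096:1:BBBBBBBBBBBBBBB1:1600000000:1629590400:::::e::::::23:
pub:e:2048:1:CCCCCCCCCCCCCCCC:1500000000:1627776000::-:::sc::::::23::0:
uid:e::::1500000000::0000::Bob <bob@example.org>::::::::::0:
sub:e:2048:1:CCCCCCCCCCCCCCC1:1500000000:1627776000:::::e::::::23:
"""

def expiring_keys(listing, now, warn_days=30):
    """Return (keyid, record, uid, days_left) for primary keys and encryption
    subkeys that are expired or expire within warn_days (hypothetical helper)."""
    findings, pending, uid = [], [], None

    def flush():
        # Attach the owner's first user ID once the whole key block is read.
        findings.extend((k, rec, uid, d) for k, rec, d in pending)
        pending.clear()

    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":            # a new primary key starts a new block
            flush()
            uid = None
        elif f[0] == "uid" and uid is None and len(f) > 9:
            uid = f[9]
        if f[0] not in ("pub", "sub") or len(f) < 12 or not f[6]:
            continue                 # field 7 empty: key never expires
        if f[0] == "sub" and "e" not in f[11]:
            continue                 # only encryption subkeys matter here
        # Assumes field 7 is seconds since the epoch (GnuPG 2.x output).
        days_left = (int(f[6]) - int(now.timestamp())) // 86400
        if days_left <= warn_days:
            pending.append((f[4], f[0], days_left))
    flush()
    return findings

if __name__ == "__main__":
    for keyid, rec, uid, days in expiring_keys(SAMPLE, datetime.now(timezone.utc)):
        print(f"{rec} {keyid} ({uid}): {days} days left")
```

A negative `days_left` means the key or subkey has already expired. To check a real keyring, pass the output of `gpg --list-keys --with-colons`, run as the account that runs the tracker, instead of `SAMPLE`.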

Date | User | Action | Args
2021-08-16 10:14:35 | ThomasAH | set | nosy: + ThomasAH; messages: + msg7318
2021-08-15 04:02:31 | rouilj | create |