Roundup Tracker - Issues

Message8189

Author rouilj
Recipients ber, rouilj
Date 2024-11-20.15:07:25
Message-id <1732115246.03.0.996099180281.issue2551368@roundup.psfhosted.org>
In-reply-to 
I emailed the roundup-users list over the weekend to see about dropping pgp support.

Email:

Hello everybody:

I am looking at the future of support for PGP encrypted email.

Does anybody (still) use PGP encrypted email?

For those that don't know, you can sign/verify email sent to Roundup
by enrolling user's public keys. I think the intent was to validate
commands and changes sent on the subject line of an email.  It can
also encrypt outgoing PGP emails, but it has issues (issue2550943,
issue2550942).

As far as I can tell it was never well documented. After much struggle
a while ago I managed to get it to work, but I still wasn't able to
document a working process. Also sending PGP encrypted email was not
exactly straightforward.

Before Roundup 1.5, tracker auditors did not even know the source of
the transaction. tx_Source was added to support "email" and
"email-sig-openpgp". Before then, you had to use PGP for all email
from a user. PGP had to be used even if they weren't doing something
that required authentication/authorization. Otherwise you were
vulnerable to forged email.

With 1.5, your auditor can check the source of the transaction. If it
was not pgp signed, you can reject the transaction if certain
operations (e.g. status changes etc.) arrive via email.

Also articles such as:

  https://www.latacora.com/blog/2019/07/16/the-pgp-problem/

  https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/

make me reconsider PGP support. Some of the problems discussed above
don't apply to Roundup's use of PGP. But the overall impression is not
favorable.

Wgat bring this to the front is that I can't build a working PGP
toolchain in Python for our continuous integration platform. See:
https://issues.roundup-tracker.org/issue2551368. This means PGP code

won't be tested unless done locally by a developer.

My thoughts are that PGP was useful in earlier days (2000-2010) when
internet connectivity wasn't as easy, but is not so useful today.

My plan at this point is:

  * announce that PGP support will be included but not tested for
    Roundup 2.5.

  * if a tracker has pgp support enabled, 2.5 will print a warning
    when starting up.

  * remove the PGP code in release 2.6.

Does anybody currently use PGP for tracker emails? If so are you
willing to handle maintenance/documentation of this subsystem and
resolve issues?

More generally, does a method for:

  * verifying the sender and contents of email
  * encrypting sent emails

still have value? If so
https://soatok.blog/2024/11/15/what-to-use-instead-of-pgp/ lists a
couple of ideas (e.g. encrypted/signed attachment).
History
Date User Action Args
2024-11-20 15:07:26rouiljsetmessageid: <1732115246.03.0.996099180281.issue2551368@roundup.psfhosted.org>
2024-11-20 15:07:26rouiljsetrecipients: + rouilj, ber
2024-11-20 15:07:26rouiljlinkissue2551368 messages
2024-11-20 15:07:25rouiljcreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020