Closed dmundra closed 1 year ago
Hi Daniel! Sorry to see that page is gone, glad you found the broken link. Here is a page I quickly found that could be a short-term replacement, but is probably not what we want long-term. I can look more when I get back to work.
https://users.ece.cmu.edu/~adrian/630-f04/PGP-intro.html
(back now - failed to send this - catching up on email now...)
Thanks, =Fen
Sent from my phone
On Mon, Jan 16, 2023, 10:12 AM Daniel Mundra @.***> wrote:
Assigned #1011 https://github.com/CivicActions/guidebook/issues/1011 to @openprivacy https://github.com/openprivacy.
— Reply to this email directly, view it on GitHub https://github.com/CivicActions/guidebook/issues/1011#event-8237364937, or unsubscribe https://github.com/notifications/unsubscribe-auth/AABGLJ7Z377BNIXZQMDZEBTWSVQMBANCNFSM6AAAAAAT43L66A . You are receiving this because you were assigned.Message ID: @.***>
Thanks @openprivacy. No rush on this, we just caught it in our weekly link checker.
@openprivacy did you want to go with that link or did you find another link?
@sfmcgee if you are adding to the same file maybe you can update the link as well? Thank you!
@openprivacy I wonder if we should consider streamlining this page. We don't use email internally any more, and I (and many people) barely use it with friends/family either. For privacy conscious folks there are plenty of FOSS alternatives that offer much better security, privacy and ease of use than email+GPG in my opinion. I question some of the value around promoting Bitcoin and commercial VPN services also, and I think the browser extensions could fit better into a security page (since they aren't encryption related). I think it would be useful to collect share some general resources on learning about encryption though, in terms of understaning the different types how/where they can be used (not just privacy, but also security and authentication etc). We could use a more hands-on GPG signing primer in the Git page though.
@grugnog Agree with all your comments and suggestions. This might be a good general encryption link: https://ssd.eff.org/module/deep-dive-end-end-encryption-how-do-public-key-encryption-systems-work
WRT private browsing: yes, not encryption so can move the extensions (where?) but as this page is "Protecting your Privacy" a link to that page would be useful. (Maybe should rename the page, removing "with Encryption"?)
WRT GPG signing of Git commits: would like to see that added to https://guidebook.civicactions.com/en/latest/practice-areas/engineering/security-compliance/ (another page that needs some cleanup) and indeed, I'd like to move the last section of the Security Policy (Server and Site Security) to that Engineering/security-compliance page, too.
[edit: addition] Shall I propose some changes in a PR?
@openprivacy - I have an action in Issue #1051 to add instructions for signing git commits. I'll add it to the security-compliance page.
@openprivacy yes please propose changes in a PR! Thank you!
@sfmcgee -
I have an action in Issue #1051 to add instructions for signing git commits. I'll add it to the security-compliance page.
Please feel free to update that page. Lots is outdated, such as:
@alanna-casey and @openprivacy
On this page https://guidebook.civicactions.com/en/latest/common-practices-tools/security/encryption/, the link to https://ssd.eff.org/module/introduction-public-key-cryptography-and-pgp is going to 404 now in the below paragraph snippet.
Do you have a recommendation for a suitable replacement?