Re: It’s time to transform the Fedora devel list into something new


 




On 4/21/23 16:30, Aleksandra Fedorova wrote:
On 4/21/23 15:25, Christopher Klooz wrote:
Just a slight addition about "archaic email" and related comments:

Email and its capability for being used in conjunction with OpenPGP ensures two major institutions in kernel development and elsewhere: "Trusting the developers, not infrastructure" [1], and, assume "any part of the infrastructure can be compromised at any time" [1]. This avoids single points of failure, and complements the chain of trust.

I am not sure if Discourse is capable of being used in conjunction with OpenPGP if it reformats contents or if it removes attachments (maybe someone knows?). This leads to the possibility that Discourse introduces a single point of failure (or, single point of vulnerability), which breaks the above institutions.

Having said that, as far as I follow our devel mailing list, I think the argument above is of minor relevance, because I think this mailing list is not used to forward code or to do reviews. Signatures seem to be not omnipresent at the moment anyway.

From a security or impersonation point of view our current mailing list is actually the worst. Both Matrix and Discourse are at least tied to a FAS account. And while it can be considered a single point of failure, it is at least the one which exists and is properly maintained by the project.
The FAS account is useless if one has access to the infra, or if the latter has vulnerabilities (which can be social and technical). Misconfigurations also occur in complex infra. That's the point of avoiding single points of failure. If one uses OpenPGP and if people verify it, it is not relevant if the infra itself is the "worst" or not, because no one needs to trust it anyway (that's the point in the kernel mailing lists). By default, without ensuring integrity, every email-based mailing list that is used in Linux realms (and at all) falls in the "worst" category because of the concept/architecture of email.

Again, this does not mean that discourse is not suitable for us. Given what I see on the mailing lists, our mailing list contents seem to be not relevant for integrity, and mostly not signed at all.

I just read some comments where I had the perception that they are partly assuming things to be simpler than they are. There are reasons for traditional email mailing lists in some circumstances, they are not "generally obsolete", but this does not mean that this applies to our mailing lists.

Given what I see and where I am present in the mailing lists, I would be +1 for discourse. But we still have to consider and put forward all points.

So I think we are on the same page, I just added a point that has to be considered in advance: do we have >=1 mailing lists that have a need for independent "security of integrity"? I guess the answer is no, we do not have >=1. But I do not know all of our mailing lists and for what they are used.

We had the issue with impersonation over e-mail before, and that was not nice.

However, I just wanted to remind that the issue is a little more complex than just assuming "email is old and has to be replaced by modern": there is another consideration, too. And we have to be aware that if Discourse does not support OpenPGP signatures practically, we lose the possibility to ensure "security of integrity" in the mailing list in cases WHEN it is necessary - IF there are such cases (which I cannot determine).

I think we really try hard to not oversimplify the conversation to the point of "old" vs "new", or "us" vs "them" approach, though many of the replies in this thread are pulling us into that direction.

Matthew's mail in my opinion does a good job to highlight that there is no single "we want a new shiny thing for newbies" driver behind the switch. There are multiple reasons for it. And making discussions more secure and better maintained is on that list too.

And like, hey, e-mail is still a thing. Use it where you need it, and where it fits. There is no fight against the technology.

But for this particular purpose within this particular environment the mailing list just doesn't work(*), and we see it.

(*) Works = provides shared space where old and new Fedora contributors can discuss changes and other project-related topics in a collaborative way to advance the project.

This is the problem which we must solve. And it won't go away on its own if we just wait for it.

Again, the goal is not to fight against Fedora contributors using the e-mail technology. The goal is to find a solution.

And if the requirement for that solution is to improve the Discourse mail interface, can we at least try to look into it with an open mind and actually list what needs to be done to make it work.

We are a group of FOSS developers using FOSS tools, and we have a year-long plan to make the tool work for us and everyone else.

Let's maybe work on it?

Just some thoughts :)

[1] https://www.kernel.org/doc/html/latest/process/maintainer-pgp-guide.html

Chris


_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue



