[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: RFC: advise against using Proton Mail for Debian work?

While I do think that PM generating a PGP key by default is a good
thing. Even if they are compromised, it is still better than no
encryption for the vast majority of user *as long as they are not used
for something else*.

The problem for us is that it is not possible to upload subkeys to PM,
which allow to DM/DDs to create a subkey just for PM use. But even
then I'm not aware on how to push a public key without that subkey to
the Debian keyring, so maybe it doesn't matter.

In any case, I don't think condemning the use of PM is justified here.
Their software is open source and they are one of the only email
provider that actually care about encryption. Yes, it doesn't work
well with the Debian workflow, but that is not really their (nor our)
fault. The percentage of people that just use mail on PM is probably
significantly larger than those that also use their PGP mail to
sign/encrypt other stuff like Debian packages.

Cheers,
Stephan
Reply to: