Just to make it clear...

No Unsystem equipment has been seized in Spain.

The seized all equipment from Kasa de la Muntanya... but that doesn't
mean unsystem had anything there (it didn't).

more answers below...


On 23/12/14 00:29, odinn wrote:
> I was just notified that sembrestels@??? has "excessive or
> fatal bounces" for this list. Obviously that should throw up a lot of
> red flags.


Yeah... that doesn't sound right but might be some mailman thing...
anyways since riseup doesn't take so much space I guess sem is just not
reading email (tm) at the moment.


>
> Can someone start this as a totally seperate discussion? with seperate
> title? I feel like we are running these discussions here (mailing
> lists, forum discussions, etc) without getting into what should be
> best practices ...


Why don't you do it yourself? (start this as a separate discussion with
separate title...)
You can!
Also it's very bad practice to not do it when you're actually changing
the discussion.

>
> The git / github CVE over the past few days (Major item) along with
> the huge tor thing (myself and many others warned people of signs of
> it but people ignored) - chulthu in particular and tor relays were
> obviously affected and tor devs responded properly but it had some
> major affects albeit temporary - couple that with the seizure of
> equipment in spain re. unsystem - and the (so far) no procedure for
> gpg in re unsystem for list. Yes there is a thing for how you can do
> it (securityinabox as an example as a good guide) if you look around
> but what do we agree on here? for forum and apart from that use with
> git - github etc. and what do we agree on for unsystem for how that
> should all be worked into mailing lists etc, etc? Discussion time.


As I say above, unsystem equipment has not been seized. About tor or
github issues... no idea


>
> And that should wrap into it what keys are considered to be no longer
> valid with some kind of published list or or published list of revoked
> things? What should be republished or modified and how for gpg keys?
> Where published to? In what circumstances should we not publish to
> pgp.mit.edu? All good examples of what to discuss.


I agree we need a good document of good practices for gpg as right now
they're next to non existent. I would say don't publish to keyservers
unless to revoke, but it's not that practical :D


>
> Correct my language please. If it makes more sense to do it in
> Spanish please do, I am bilingual Spanish / English.
>
> My apologies for any offtopic but this seems hugely important.

It's not offtopic for the list, just offsubject since the subject was
not changed. Btw i'm not changing that now because *you should learn*
(sorry)


Cheers!