On Fri, 09 Dec 2016, Silvia [Hiro] wrote:
- Verify that the email is signed and the signature is recognised. For the moment and during the first pilot we could restrict this feature to @tpo addresses and verify the key w/ the info we have in db.tpo. Further on, we can verify the key by importing eventually missing keys from known keyservers.
I am implementing step 1 through procmail and a simple script.
- If the email has a valid signature, check permissions for the users,
parse the email and create the ticket or reply to a thread.
If the mail is signed by a key in the torproject.org keyring, that should be good enough. I don't think we need to set up per-user privileges. Accountability is quite sufficient.
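
The check discussed in this thread, sketched as an added example that is not part of either message and is not the project's script: it reads the machine-readable status lines that `gpg --status-fd` emits during verification and accepts a mail only when exactly one valid signature comes from a keyring key bound to the `From` address. The keyring contents, fingerprint, addresses, function names and the reading of "@tpo" as `@torproject.org` are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed keyring (assumption): primary-key fingerprint -> address allowed to use it.
ALICE_FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
KEYRING = {ALICE_FPR: "alice@torproject.org"}

# gpg status keywords after which the signature must not be trusted.
REJECT = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG", "NO_PUBKEY"}

# Constructed status output, in the format gpg writes with --status-fd.
VALID_LINE = ("[GNUPG:] VALIDSIG " + ALICE_FPR +
              " 2016-12-09 1481280000 0 4 0 1 8 00 " + ALICE_FPR + "\n")
GOOD_STATUS = ("[GNUPG:] GOODSIG 89ABCDEF01234567 Alice <alice@torproject.org>\n"
               + VALID_LINE)
EXPIRED_STATUS = ("[GNUPG:] EXPKEYSIG 89ABCDEF01234567 Alice <alice@torproject.org>\n"
                  + VALID_LINE)
UID_ONLY_STATUS = "[GNUPG:] GOODSIG 89ABCDEF01234567 Alice <alice@torproject.org>\n"


def signer_fingerprint(status_text):
    """Primary-key fingerprint of the single valid signature, or None."""
    fingerprints = []
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 2 or parts[0] != "[GNUPG:]":
            continue
        if parts[1] in REJECT:
            return None
        # VALIDSIG carries the primary-key fingerprint as its tenth argument.
        if parts[1] == "VALIDSIG" and len(parts) >= 12:
            fingerprints.append(parts[11].upper())
    # Zero or several signatures: refuse rather than guess which one counts.
    return fingerprints[0] if len(fingerprints) == 1 else None


def may_open_ticket(raw_mail, status_text):
    """True only if the signing key is in the keyring and matches the From address."""
    fingerprint = signer_fingerprint(status_text)
    _, sender = parseaddr(message_from_string(raw_mail).get("From", ""))
    sender = sender.lower()
    # Pilot restriction from the thread: only torproject.org senders.
    return (fingerprint is not None
            and sender.endswith("@torproject.org")
            and KEYRING.get(fingerprint) == sender)
```

Keying the decision on the `VALIDSIG` fingerprint rather than on the user ID string in `GOODSIG` matters because anyone can create a key carrying any name and address.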