See also:

Ulrike Uhlig received $6000 from Outreachy and then quit

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Tor exit nodes

Lars Wirzenius dijo [Mon, Oct 09, 2017 at 04:11:21PM +0300]:
> (...)
> * I think having security and crypto training at every Debconf would
>   be a good idea: how to use gpg, how to configure gpg well, how to
>   secure one's laptop, etc.

YES. At DebConf, at MiniDebConfs, etc. That would be a great motivator
to break inertia.

> * The Yubikey 4 seems to be the best hardware option. It's not free
>   hardware, however. I'm OK with that for my own use, and I'd be OK
>   for that for Debian's use. But before Debian spends money on that,
>   we should have consensus that it's OK. I'm also OK for Debian to
>   choose an option with free-er hardware, but have no personal
>   experience with those.

I have one of the Gnuk tokens Yutaka Niibe took to DebConf14; I have
sadly barely used it due to lack of time... But also because of being
uneasy with the durability of a nonsealed piece of electronics that
I will carry around everywhere. I believe the ruggedness of the
industrially built models do have an edge here...

> * One Yubikey model 4 is $40 (plus postage) on Amazon.com. Times 1000
>   DDs, that's a lot of money for Debian. Can we find someone to
>   sponsor them? Maybe Yubico itself?

For buying such a large volume, I guess Yubico (or any other company)
would give us a wholesale price. But also, I guess they could be
interested in sponsoring us, as it'd be a high visibility deployment.

Of course, I guess several people in Debian would _not_ be impressed
by using a nonfree piece of stuff to do Debian work. It would be worth
checking if some hundreds of units would be enough to put a Gnuk on a
rugged casing.

Attachment: signature.asc
Description: PGP signature