Security response team

I think we need to form a security response team to be contacted for responsible disclosure. We could set up a shared email account and share a PGP keypair which we each sign with our own keys.

Tom Scott Mon 25 Feb 2013 7:37PM
Who owns diasporaproject.org anyway?

Jonne Haß Mon 25 Feb 2013 8:50PM
whois diasporaproject.org
gonna tell you. Somewhat.

goob Tue 26 Feb 2013 11:17AM
Max must know this person, or at least how to get in contact with them, otherwise they wouldn't have pointed diasporafoundation.org to his site in the first place - surely?

goob Tue 26 Feb 2013 11:17AM
Sorry, Maxwell, not Max - didn't mean to shorten his name.

fabianrbz Wed 27 Feb 2013 12:33AM
Count me in!

Ivan Gabriel Morén Sat 30 Mar 2013 11:53PM
A good, simple, secure and free mail, I think this one could do it:
They have both email and mailing lists. There are two ways to get an account, either by writing them a request and telling them who we are and why we want it, or by using invitation codes, and as both Paul and I already have accounts for personal purposes we could generate invitation codes.
What do you say?

Jonne Haß Fri 2 Aug 2013 9:51PM
We've now got full control over diasporafoundation.org, including a mail server listening to it, run by @dennisschubert. It's time to make security@diasporafoundation.org a reality. I'm going to generate and publish a PGP key for it; anybody who wants to be in the team can contact me and I'll share the key with you, unless somebody knows a better method to get PGP working on that address.

goob Sat 3 Aug 2013 9:43AM
I've not heard about security@diasporafoundation.org before, Jonne. What is it intended to be? I'd like to know to see if it's something I could be a part of.

Jonne Haß Sat 3 Aug 2013 5:47PM
It's a method/address to responsibly, that is not in public, disclose serious security issues in Diaspora. Listening to it is the security response team (only me currently, heh...) to judge and handle the disclosed issues.

goob Sat 3 Aug 2013 6:33PM
Thanks. I saw from your discussion on GitHub that it's an email address for this purpose. I wasn't sure whether it was something else. A very good idea, but not something I can usefully be part of, I'm afraid.

Jonne Haß Mon 25 Feb 2013 10:54AM
We still have no sign of life from the domain owner. That's basically why I'm asking.