[03:45] *** odemg has quit IRC (Read error: Operation timed out) [04:02] *** odemg has joined #archiveteam-ot [06:15] *** BlueMax has quit IRC (Leaving) [08:02] *** BlueMax has joined #archiveteam-ot [09:37] *** logchfoo1 starts logging #archiveteam-ot at Tue May 15 09:37:50 2018 [09:37] *** logchfoo1 has joined #archiveteam-ot [09:38] *** betamax has joined #archiveteam-ot [10:49] *** wp494 has quit IRC (Ping timeout: 492 seconds) [10:49] *** wp494 has joined #archiveteam-ot [10:50] *** svchfoo1 sets mode: +o wp494 [11:09] *** lswutg has joined #archiveteam-ot [11:15] *** lswutg has quit IRC (Quit: Leaving) [12:50] *** rbraun has quit IRC (Read error: Operation timed out) [12:52] *** BlueMax has quit IRC (Leaving) [12:53] *** rbraun has joined #archiveteam-ot [14:18] *** godane has joined #archiveteam-ot [14:18] *** svchfoo3 sets mode: +o godane [16:06] *** schbirid has joined #archiveteam-ot [18:25] *** godane has quit IRC (Read error: Operation timed out) [19:14] *** godane has joined #archiveteam-ot [19:14] *** svchfoo3 sets mode: +o godane [20:28] would any grab-site users with a macOS like to tell me if this homebrew-based install works? https://github.com/ludios/grab-site/issues/121#issuecomment-389301496 [20:28] pypi disabled < TLS 1.2 [20:42] *** schbirid has quit IRC (Quit: Leaving) [20:43] never mind I finally got my macOS VM working (by not updating it) [22:16] *** godane has quit IRC (Read error: Operation timed out) [22:19] *** godane has joined #archiveteam-ot [22:19] *** svchfoo3 sets mode: +o godane [22:21] *** godane has quit IRC (Client Quit) [23:21] JAA: If someone is able to intercept an email then not having it encrypted wouldn't really help, because at that point they could just read the email. [23:21] JAA: it's way too complicated, the web of trust model never worked except for people who met IRL all the time, there are alternatives to signing things now [23:21] hook54321: Yeah, disabling it doesn't make sense at all. [23:22] s/to/for/ [23:23] ivan: Yeah, that's true. What are the alternatives? (Please don't say X.509 certificates.) [23:23] https://man.openbsd.org/signify.1 [23:25] http://www.openbsd.org/papers/bsdcan-signify.html [23:26] https://www.schneier.com/blog/archives/2015/11/testing_the_usa.html [23:26] That still has the key distribution problem, doesn't it? [23:27] well, everything has the key distribution problem [23:28] Right. So I don't see how it's better than GPG. [23:31] GPG is complicated to integrate with correctly, as seen in that latest mail client bug caused by ignoring some warning message [23:35] here is the crap you have to to type just to generate a deterministic gpg2 keybox https://gist.github.com/ivan/b6b4630ed914290af5e1bdefe42dd9c2#file-gpg-ex-L111-L144 [23:35] what is a deterministic gpg2 keybox [23:35] i've been using gpg for years and i don't even know why i should care [23:37] say you want to configure apt to use a set of keys in a manner that doesn't involve trying to mutate some state with apt-key [23:37] you realize you need to just overwrite the list of keys that it trusts, but wait, gpg is a flaming pile of garbage so good luck [23:40] a keybox is a gpg2's new format for storing keys, incompatible with the old format of just concatenating keys together [23:41] a deterministic one has the timestamps set to a predictable value (impossible without faketime) [23:44] If I understand it correctly, the timestamps in the keybox have zero effect on the actual keys inside the box though, right? [23:45] AFAIK both the key entries and the keybox itself are timestamped [23:45] but yeah I'm sure no one else cares about this I guess [23:46] Also, timestamps are used absolutely everywhere. You can't create reproducible Debian packages without faking the timestamps (and many other things) either. So I don't think this is a valid argument against GPG. [23:47] Or hell, compiling things... [23:48] I tried to produce reproducible binaries once. Fortunately, I was able to flee in time.