Re: GnuPG efail - researcher discussion failure
David A. Wheeler
Luis R. Rodriguez:
As you may know there is tons of media coverage over efail:...
What could be done, from a community, or even CII perspective, to avoid furtherI don't know what can be done, but it's definitely a worthy topic, because
media circuses and miscommunication are happening a lot. Unfortunately,
for many the economics encourage it. The researchers get quick (valuable) notoriety,
and the media get good clickbait (and many in the media don't
understand the issues anyway).
Cc'ing two folks which I believe are not subscribed. Perhaps this is Off topic,That's a fair "scope of mailing list" question.
If we can somehow turn this into some kind of "best practice" kind of thing,
this is definitely on-topic for this mailing list. I don't know if we can,
but the discussion on *trying* to do so is definitely on-topic.
I don't know of any "generic CII" mailing list, but since many of us are involved in
the CII generally, and it's closely related, I think it's okay for now.
An alternative (and much larger) forum is the oss-security mailing list.
--- David A. Wheeler