00:06:18 <m-relay> <s​agewilder:unredacted.org> I have issues with this document. This is why I'm reaching out here.
04:30:26 <m-relay> <o​frnxmr:monero.social> What issues are you having?
10:24:26 <m-relay> <s​agewilder:unredacted.org> Luigi1111's PGP key is insecure rsa2048, has been generated 7 years ago and the e-mail it is attached to (luigi1111w⊙gc) do not correspond to the point of contacts description (luigi1111⊙go).
10:24:27 <m-relay> <s​agewilder:unredacted.org> Moneromooo's PGP key has expired last month (2024-11-16).
10:24:29 <m-relay> <s​agewilder:unredacted.org> I'm wondering if the PGP keys and/or VRP document are current or if they may be outdated.
10:24:31 <m-relay> <s​agewilder:unredacted.org> It is also unclear to me if:
10:24:33 <m-relay> <s​agewilder:unredacted.org> > Please, CC all points of contact if you decide to use email instead of HackerOne
10:24:35 <m-relay> <s​agewilder:unredacted.org> means that I should both send an e-mail to Luigi and direct message moneromooo on libera with a pastebin link of the report encrypted with their pgp key?
10:43:04 <plowsof> mooos key renewed here https://github.com/monero-project/monero/pull/9577 
10:55:53 <Albassort> Hey, i saw that Bisq 2.0 is going to support Monero?
11:04:35 <m-relay> <s​yntheticbird:monero.social> Albassort -> #monero or #monero-community
11:20:28 <m-relay> <s​agewilder:unredacted.org> plowsof, thank you for the link. Should I include luigi in the process as well with their rsa2048 PGP key?
11:22:36 <plowsof> if rsa2048 is broken then the dev team need to be notifieed appropriately via hacker one. thank you
11:23:43 <m-relay> <s​agewilder:unredacted.org> I cannot sign in HackerOne.
11:23:58 <m-relay> <s​yntheticbird:monero.social> luigi1111 is already aware
11:24:27 <m-relay> <s​yntheticbird:monero.social> when will he update it is unknown
11:24:51 <m-relay> <s​yntheticbird:monero.social> realistically there is only h1
11:25:21 <m-relay> <s​yntheticbird:monero.social> yes it sucks, feel free to spark a scandal about that because holy shit is this VRP broken
11:25:56 <moneromooo> Best way to get ignored though.
11:26:06 <moneromooo> So not a good suggestion :)
11:26:39 <m-relay> <s​yntheticbird:monero.social> ok true that wasn't smart towards a newcomer
11:27:21 <m-relay> <s​yntheticbird:monero.social> still there needs to be some fixing
11:27:54 <moneromooo> In order to be some fixing, there needs to be some time volunteering.
11:28:12 <moneromooo> Like, I mostly hang around nowadays.
11:28:49 <moneromooo> selsta does most/all of the H1 care and feeding fwiw.
11:28:55 <moneromooo> (AFAIK)
11:29:38 <moneromooo> I guess if H1 isn't an option, pastebin an armored version and I'll point to the relevant person (or fix it if I can).
11:29:48 <m-relay> <s​yntheticbird:monero.social> yes selsta and jeffro are doing the h1 work. It's fine to not be available but at least change the point of contact because for people that don't wanna go over h1 they have nowhere to go
11:31:08 <m-relay> <r​brunner7:monero.social> Before anybody freaks out: RSA-2048 is not "broken", but sure not recommended anymore.
11:33:00 <m-relay> <s​yntheticbird:monero.social> Alright moneromooo, it's what is in the VRP, can we at least mark to expect some delays when dming IRC. I'm not trying to act like a spoiled child, but that's just not very formal imo.
11:33:25 <m-relay> <s​yntheticbird:monero.social> selsta or jeffro256 should also be point of contact
11:34:19 <moneromooo> Sure.
11:34:33 <m-relay> <s​yntheticbird:monero.social> Let's goooo
11:34:49 <moneromooo> Ask first if they're OK with being listed though.
11:35:11 <m-relay> <s​yntheticbird:monero.social> of course
11:35:13 <moneromooo> I'm OK with being delisted (also OK with not being).
11:35:25 <m-relay> <s​yntheticbird:monero.social> ack.
11:35:53 <moneromooo> Though if you keep me in, mention I'm backup/secondary ?
11:36:07 <m-relay> <s​yntheticbird:monero.social> That would be ideal
11:36:10 <moneromooo> ty
11:36:40 <m-relay> <r​brunner7:monero.social> Wanna get rich? Factor a RSA-2048 key and pocket USD 200,000: https://en.wikipedia.org/wiki/RSA_Factoring_Challenge
11:38:01 <moneromooo> Hopefully before having spent 200,000 in power costs.
11:41:13 <m-relay> <s​agewilder:unredacted.org> Thanks for the info, I'll wait for things to clear up before proceeding, and if taking too long, I'll reach moneromooo.
12:04:50 <ofrnxmr> Just reach moneromoo right now lol
12:07:18 <plowsof> important matters as these can not be rushed. please give sagewilder some space to consider all options carefully  
12:07:28 <m-relay> <s​agewilder:unredacted.org> It give me opportunity to do some clean up, and also continue searching. I won't let it drag on.
20:58:31 <plowsof> .merges
20:58:31 -xmr-pr- 8929 9122 9172 9176 9286 9290 9336 9376 9380 9381 9389 9395 9400 9441 9445 9451 9452 9454 9457 9469 9475 9481 9490 9501 9502 9504 9505 9506 9507 9510 9511 9512 9515 9518 9525 9527 9529 9530 9531 9532 9533 9535 9536 9537 9540 9541 9542 9543 9548 9549 9554 9556 9558 9560 9565 9574 9577 9580 9581 9583 9584 9585 9589 9590 9592 9593 9607 9614 9615 9616
21:00:15 <sech1> wow, that's a lot
21:00:36 <ofrnxmr> 70
21:07:37 <selsta> syntheticbird: I'm helping with managing H1 website but I would prefer if someone else volunteers as point of contact in the document
21:19:46 <m-relay> <s​yntheticbird:monero.social> all fine selsta.
21:19:54 <m-relay> <s​yntheticbird:monero.social> waiting on jeffro response then
21:47:43 <m-relay> <j​effro256:monero.social> I would be okay being listed as a point of contact for vulnerabilities, but I need to tighten my key security before then
21:48:49 <m-relay> <j​effro256:monero.social> My main PGP key  that I use for day-to-day tasks is stored on a computer which has a lot of software running on it and touches the internet
21:49:47 <m-relay> <j​effro256:monero.social> I don't have a root PGP key posted anywhere, nor a PGP key that is suitable for ultra-sensitive communications
21:50:51 <m-relay> <s​yntheticbird:monero.social> let's gooooooo
21:50:51 <m-relay> <s​yntheticbird:monero.social> np, feel free to communicate when you have setup your opsec, I'll make a PR to edit VRP when you're ready
22:25:26 <m-relay> <s​agewilder:unredacted.org> For obtaining a valid e-mail address to register over HackerOne I need a secondary non-Proton e-mail address. Would it be possible that someone let me borrow his inbox for validation?
22:32:30 <ofrnxmr> Just encrypt a dm to moneromooo
22:33:48 <m-relay> <s​iren:kernal.eu> sagewilder: use https://mail.gw it works when registering with HackerOne
22:44:07 <m-relay> <s​agewilder:unredacted.org> This is successful, thank you, I didn't know this service existed.
22:44:07 <m-relay> <s​agewilder:unredacted.org> And sorry for the odd request.
22:46:13 <m-relay> <s​agewilder:unredacted.org> ofrnxmr, HackerOne is often a better support for media, discussions and transparency imo. I would have still messaged moneromooo if I hadn't had a choice.
22:57:08 <tobtoht_> merges for christmas?