[ic] Please help with pgp issue, please.

interchange-users@interchange.redhat.com
Tue Sep 18 14:42:00 2001


Quoting Ed LaFrance (edl@newmediaems.com):
> The whole issue of raw credit card numbers being stored on a web-accessible 
> server has been debated numerous times on this list.  RH has positioned 
> themselves firmly against it; others are more ambiguous.

(Please note that the below is my personal opinion. I don't want to
start Yet Another Credit Card Security Thread.)

So firmly against it that I simply will not help people store
unencrypted credit card numbers on their disk. If a person can't figure
out how to do it, I find it highly unlikely that they can secure the
rest of their system against a crack. I consider myself to be fairly
good at this stuff, and I wouldn't try it. That is proven -- you can ask
any client of mine who tried to get me to do it. I simply won't, even if
I am offered a lot of money.

Putting credit card numbers in a mail spool, particularly attached to an
order with billing address and expiration date, I find to be the height
of lunacy. I know some would disagree, but I simply won't help enable
that behavior. Others can if they wish, but please tell me which stores
it is on -- I certainly will never shop there. Though that is probably
an empty gesture -- I am guessing there are thousands of stores out
there which are cavalier with my personal info and credit card
information. All I know is that I won't be cavalier with others' info.

Please just use the encryption. It is easy to configure modern mail
clients for PGP, and you typically only have to input the pass phrase
once per session. GPG is available free of charge, and client PGP is
free or available at very low cost.

-- 
Red Hat, Inc., 3005 Nichols Rd., Hamilton, OH  45013
phone +1.513.523.7621      <mheins@redhat.com>

"Even if you're on the right track, you'll get run over if you just
sit there." -- Will Rogers