
Short update...

On 2025-06-10 21:42:10, Antoine Beaupré via tor-project wrote:
Summary: GitLab now encrypts outgoing email notifications on confidential issues if your key is in LDAP; OpenPGP keys stored in GitLab will be used soon.
[...]
## Future work
### OpenPGP certificates in GitLab
Right now, only "LDAP keys" (technically, the OpenPGP certificates in the `account-keyring.git` project) are considered for encryption.
Only mail delivered to `@torproject.org` is considered as well.
In the future, we hope to implement a GitLab API lookup that will allow other users to upload OpenPGP certificates through GitLab to use OpenPGP encryption for outgoing mail.
This has not been implemented yet because implementing the current backend was vastly easier, but we still hope to implement the GitLab backend.
I have walked back this idea. GitLab API lookups are vastly more complicated than just using the current keyring. At this point, I consider, again, that the best course of action to implement this is to natively implement this in GitLab and stop bolting on hacks on top of it.
### OpenPGP signatures
Mails are currently encrypted, without signature, which is [actually discouraged][]. We are considering signing outgoing mail, but this needs to be done carefully because we must handle yet another secret, rotation, expiry and so on.
[actually discouraged]: https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-17.html#n...
This means, among other things, that the OpenPGP messages do not provide any sort of authentication that the message really comes from GitLab. It's still entirely possible for an attacker to introduce "fake" GitLab notifications through this system, so you should still consider notifications to be advisory. The source of truth here is the GitLab web interface.
OpenPGP signatures were seen as not absolutely necessary for a first implementation of the encryption system, but may be considered in the future. Note that we do *not* plan on implementing signatures for *all* outgoing mail at this time.
OpenPGP signatures were, however, implemented. The signing key is available through WKD in "direct mode", and is attached to this message. I have resolved the related issue about this work, but feedback is still welcome!

https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/151

A.

-- 
Antoine Beaupré
torproject.org system administration
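The message above says the signing key is published through WKD in "direct mode". The following is an added example, not Tor Project code and not part of the original message: it builds the direct-method and advanced-method WKD URLs for an address the way draft-koch-openpgp-webkey-service specifies them (lowercase the local-part, SHA-1 it, z-base32 the digest, repeat the original local-part in the `l=` query parameter). The address `Joe.Doe@Example.ORG` is the worked example from that draft; no Tor Project addresses or hashes are assumed.

```python
"""Build Web Key Directory (WKD) lookup URLs for an e-mail address.

Added example, not Tor Project code. Follows draft-koch-openpgp-webkey-service:
  hash  = zbase32(SHA-1(lowercase(local-part)))
  direct:   https://<domain>/.well-known/openpgpkey/hu/<hash>?l=<local-part>
  advanced: https://openpgpkey.<domain>/.well-known/openpgpkey/<domain>/hu/<hash>?l=<local-part>
Clients try the advanced method first and fall back to the direct one.
"""
import hashlib
from urllib.parse import quote

# z-base32 alphabet (the variant GnuPG and WKD use, not RFC 4648 base32).
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as z-base32: 5-bit groups, most significant bit first,
    final group zero-padded on the right, no padding characters."""
    if not data:
        return ""
    nbits = len(data) * 8
    nchunks = (nbits + 4) // 5
    # Shift left so the bit string splits into whole 5-bit groups.
    value = int.from_bytes(data, "big") << (nchunks * 5 - nbits)
    return "".join(
        ZBASE32_ALPHABET[(value >> (5 * (nchunks - 1 - i))) & 0x1F]
        for i in range(nchunks)
    )


def wkd_hash(local_part: str) -> str:
    """The 32-character z-base32 SHA-1 of the lowercased local-part."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict:
    """Return {'direct': ..., 'advanced': ...} for an e-mail address.

    Only the domain and the hashed local-part are lowercased; the l=
    parameter carries the local-part exactly as written in the address,
    percent-encoded.
    """
    local_part, _, domain = address.rpartition("@")
    if not local_part or not domain:
        raise ValueError(f"not an e-mail address: {address!r}")
    domain = domain.lower()
    h = wkd_hash(local_part)
    query = "?l=" + quote(local_part, safe="")
    return {
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{h}{query}",
        "advanced": (
            f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
            f"{domain}/hu/{h}{query}"
        ),
    }


if __name__ == "__main__":
    # Worked example from the WKD draft (constructed input, no network access).
    for kind, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{kind:8s} {url}")
```

The direct method requires the domain itself to serve `/.well-known/openpgpkey/hu/<hash>` over HTTPS, which is what "direct mode" in the message refers to; the advanced method moves that under an `openpgpkey.` subdomain and adds the domain to the path. To fetch a key through WKD with GnuPG rather than by hand, `gpg --auto-key-locate clear,wkd,nodefault --locate-keys <address>` performs the same lookup.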