
E2EMail research project has left the nest - rmhrisk
https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html?m=1
======
HerraBRE
This appears to be a weak attempt to spin as positive the news that Google
have abandoned the end-to-end project... mysteriously posted when everyone is
busy processing the SHA1 and Cloudbleed news. From the post:

 _E2EMail is not a Google product, it’s now a fully community-driven open
source project, to which passionate security engineers from across the
industry have already contributed._

Contrast that with their Github repo, which has seen no commits since August,
as well as pull requests and issues that nobody has responded to.

I would dearly love to be proven wrong; if there has been ongoing work from
"passionate security engineers" somewhere else and I'm just missing it,
hopefully someone can post some details here?

(edit: Disclosure, I work on Mailpile, which is arguably a "competitor" to
both e2e and GMail. But I did genuinely want to see this project succeed and
improve e-mail security.)

~~~
dragonwriter
There was a pull request merged a few minutes ago, by someone whose username
suggests that they are also the first named author on the Google blog post.

~~~
HerraBRE
If this is all that has happened since August, well, the commit speaks for
itself:

[https://github.com/e2email-
org/e2email/commit/434f99c66efe49...](https://github.com/e2email-
org/e2email/commit/434f99c66efe491bee58e69aabf585d0598c9bf6)

Hopefully there's more to come! :-P

~~~
dragonwriter
Possible that it was in internal limbo for a while, and that the decision to
release it as a community project actually may bring it back to life, even
among Google staff.

(Never worked in Google, but it may be easier for interested employees to
contribute to external open-source projects than internal projects with no
resource allocation.)

~~~
HerraBRE
Thank you for injecting some optimism. :-) I'm disappointed and cynical about
this.

