Loomio
Sat 15 Nov 2014 12:33PM

Email notifications security issue

Charles Céleste Hutchins

Currently, email notifications of comments on posts contain the text of the actual comment. This is potentially a problem for people sharing private information. It might be better for non-public posts to send emails saying only that there is a comment and not include the comment text. That way, people providing mutual support for mental health issues, for example, won't have their private stuff end up sitting in an inbox on an unlocked mobile phone.

goob Sat 15 Nov 2014 12:43PM

This has already been identified as a problem and been worked on - see #4266 and #4508. However, progress has stalled - I've just bumped the PR to see if anyone can take it on and finish it.

Charles Céleste Hutchins Sat 15 Nov 2014 12:45PM

Oh, that's really good. Should I delete this post here, then?

goob Sat 15 Nov 2014 2:47PM

I don't think it's possible to delete Loomio posts, but if it's possible, you can delete it if you want to. We don't really have a policy about what to do with duplicate posts at the moment. It might be better to leave it here with its link to the PR, in case anyone else worries about this issue and comes here to look for previous discussions.

Charles Céleste Hutchins Mon 17 Nov 2014 2:28PM

Actually, it seems like part of the holdup is that people (including me above) say that the privacy issue is only for non-public posts. While this is true, I don't think this means that public posts need to be treated differently. I think it would be fine to treat all posts the same and I'm guessing most people would agree. People aren't asking for public posts to be sent out because they want that functionality, they just need the private functionality to change.

goob Mon 17 Nov 2014 6:04PM

> I don’t think this means that public posts need to be treated differently. I think it would be fine to treat all posts the same and I’m guessing most people would agree.

See the proposal here, in which it was overwhelmingly agreed that email alerts for limited posts should show only a link to the post, while email alerts for public posts should show a summary of the post. Two of the three people who disagreed on the proposal did so not because they thought that public posts shouldn't show a summary, but that limited posts also should show a summary.

Bandie Kojote Wed 3 Dec 2014 7:06PM

How about using PGP/GPG encrypted messages? ;)