Migrate away from pool.sks-keyservers.net #76

Closed
philihp opened this issue Sep 4, 2020 · 7 comments

Comments


philihp commented Sep 4, 2020

Would you be open to a PR that switches from pool.sks-keyservers.net to keys.openpgp.org?

The SKS package itself, being written in OCaml, has struggled to find maintainers and is fragile, as it crashes when abusive requests are sent. Hagrid (keys.openpgp.org), on the other hand, is a new keyserver written in Rust and complies with the GDPR laws by verifying email addresses and allowing revocation.

Most of the work here would entail asking the owners of existing keys to verify their listed emails, which I'm down to do.

Member

lazka commented Sep 4, 2020

Do you mean for the pacman keyring? From what I remember the problem was that we have two keys per email/person in the key ring, one as a master key and one as a packager key, and keys.openpgp.org didn't allow multiple keys per email. (and in addition I have my non-msys2-related primary key on keys.openpgp.org as well, so three keys in total)

I was thinking of moving to keyserver.ubuntu.com, since that seems to be the fastest/most stable one I know.

Author

philihp commented Sep 4, 2020

Ah, multiple keys per one email would be an issue. They could be moved to subkeys of one master key, but that's a lot of tricky work for little gain.

keyserver.ubuntu.com is also very stable and supported. I'd be happy to take on this work.

Member

lazka commented Sep 5, 2020

@philihp just wondering, what's your motivation here?

@elieux thoughts on moving our default pacman keyring config to keyserver.ubuntu.com?

Author

philihp commented Sep 5, 2020

@lazka helping to push along gpg's infra before it falls over on itself

Member

elieux commented Jun 26, 2021

Given the shutdown of the SKS pool, we have to do something now. I'd be happy to switch right now, if we could do it just for Pacman, but I'm not sure if that's practical.

It'd be nice to see what Arch Linux decides on (and what GnuPG itself does, if anything), but maybe a completely separate keyserver like Ubuntu's or MIT's is a good enough choice for us that we won't need to follow upstream.

lazka changed the title from "Migrate to keys.openpgp.org" to "Migrate away from pool.sks-keyservers.net" on Jun 26, 2021
Member

lazka commented Jun 26, 2021

PR to change the msys default: msys2/MSYS2-packages#2563

Member

lazka commented May 2, 2022

Upstream also switched to ubuntu keyservers shortly after.

If we ever have to move to something else then it's likely going to be WKD, like Arch Linux: msys2/MSYS2-keyring#13

That will need some coordination and re-signing keys though.

lazka closed this as completed on May 2, 2022