Suggest another way of importing GNU Guix GPG key

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Suggest another way of importing GNU Guix GPG key

From:	dftxbs3e
Subject:	Suggest another way of importing GNU Guix GPG key
Date:	Sat, 29 Jun 2019 23:11:19 +0200
User-agent:	Webmail Free/1.3.3

Hello,

SKS keyservers are currently under attack(https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f) -the attack can cause a GPG client to freeze completely and mess the GPGinstallation completely.

I suggest GNU Guix proposes another way of importing the GPG keys sothat users will not suffer from this problem.

There's another, newer, keyserver, proposed in this gist, that is run bynew software that doesnt suffer from this attack. See:https://keys.openpgp.org/about/news#2019-06-12-launch

However, that keyserver is not replicated. You could either use that oneor simply offer a download of the key over TLS with verification againstinstalled CAs, as secure as this can get.


Regards

[Prev in Thread]

Current Thread

[Next in Thread]

Suggest another way of importing GNU Guix GPG key, dftxbs3e <=
- Re: Suggest another way of importing GNU Guix GPG key, Alex Vong, 2019/06/29
  - Re: Suggest another way of importing GNU Guix GPG key, Christopher Lemmer Webber, 2019/06/29
  - Re: Suggest another way of importing GNU Guix GPG key, Giovanni Biscuolo, 2019/06/30

Prev by Date: Re: Guix beyond 1.0: let’s have a roadmap!
Next by Date: Re: Suggest another way of importing GNU Guix GPG key
Previous by thread: Expat 2.2.7 with security fixes has been released / CVE-2018-20843
Next by thread: Re: Suggest another way of importing GNU Guix GPG key
Index(es):
- Date
- Thread