[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Finding a “good” OpenPGP key server

From: Maxime Devos
Subject: Re: Finding a “good” OpenPGP key server
Date: Mon, 23 May 2022 18:19:05 +0200
User-agent: Evolution 3.38.3-1

Ludovic Courtès schreef op ma 18-04-2022 om 22:24 [+0200]:
> [... guix refresh -u stuff failing due to not finding the key ...]
> I’m not sure what a good solution is (other than looking for the key
> manually on Savannah or on some random key server).

Alternatively, why use key servers at all?  WDYT of something like

  (name "gnurl")
    ;; Keys that are considered ‘trustworthy’ for signing releases
    ;; of gnurl.
    `((permitted-pgp-signing-keys "CABB A99E ..." "DEAD BEEF ...")
      ;; Locations of PGP key (possibly with some of them pointing to
      ;; the same key)
        ,(savannah-pgp-key USER-ID) ... ; most signers are on
        ,(local-file "[...]/") ; not easily available from the Web   
        "ipfs://.../..." "gnunet://...")))) ; download key via P2P networks

The first part (permitted-pgp-signing-keys) has been suggested previously and
seems mostly orthogonal, but the second part is new.  It would reduce
the dependency on central infrastructure.  We could consider key servers
to be ‘merely’ another fallback.


Attachment: signature.asc
Description: This is a digitally signed message part

reply via email to

[Prev in Thread] Current Thread [Next in Thread]