[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] ProxMox/Debian 10.1 gnupg2 notice:
From: |
Todd Fleisher |
Subject: |
Re: [Sks-devel] ProxMox/Debian 10.1 gnupg2 notice: |
Date: |
Tue, 10 Sep 2019 22:27:00 -0700 |
Hendrik,
Thanks for sharing this. It seems the latest GPG Tools release for macOS
integrated the same behavior and is stripping valid 3rd party signatures from
newly downloaded or updated keys. I’m trying to work around it, but so far no
luck trying to use that option via the command line or in gpg.conf or
dirmngr.conf. If anyone has solved for this for that platform please let me
know.
-T
> On Sep 10, 2019, at 2:03 AM, Hendrik Visage <address@hidden> wrote:
>
> Thought it would be interesting to know this state:
>
>
> apt-listchanges: News
> ---------------------
>
> gnupg2 (2.2.12-1+deb10u1) buster; urgency=medium
>
> In this version we adopt GnuPG's upstream approach of making keyserver
> access default to self-sigs-only. This defends against receiving
> flooded OpenPGP certificates. To revert to the previous behavior (not
> recommended!), add the following directive to ~/.gnupg/gpg.conf:
>
> keyserver-options no-self-sigs-only
>
> We also adopt keys.openpgp.org as the default keyserver, since it avoids
> the associated bandwidth waste of fetching third-party certifications
> that will not be used. To revert to the older SKS keyserver network (not
> recommended!), add the following directive to ~/.gnupg/dirmngr.conf:
>
> keyserver hkps://hkps.pool.sks-keyservers.net
>
> Note: we do *not* adopt upstream's choice of import-clean for the
> keyserver default, since it can lead to data loss, see
> https://dev.gnupg.org/T4628 for more details.
>
> -- Daniel Kahn Gillmor <address@hidden> Wed, 21 Aug 2019 14:53:47 -0400
>
>
> _______________________________________________
> Sks-devel mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/sks-devel
signature.asc
Description: Message signed with OpenPGP