KDE GPG Keyserver

Dr.-Ing. Christoph Cullmann cullmann at absint.com
Mon Jul 31 10:28:45 UTC 2017


> On Mon, Jul 24, 2017 at 5:11 PM, Sandro Knauß <sknauss at kde.org> wrote:
>> Hey,
>>> I recommend using the keyserver (pool) that's recommended by the official
>>> GnuPG FAQ [1] or, even better, sticking to the default, unless you have a
>>> specific reason for not using those. If you are concerned about your
>>> privacy then you should rather look into using a keyserver on the Tor
>>> network.
>>  A specialied keyserver makes sense, if we want to improve the situation with
>> GPG Keys. We already use the Kes to sign releases, so we may want to check if
>> these keys are available and why not use our own pool?
>> * we can improve more rules for keys like >1024 bits no DSA, no unlimited
>> keys,...)
>> (Debian also has his own keyring, where they have far more rules than a simple
>> sks-keyserver)
>> * This makes sense in terms of get a more unified way to test on our systems
>> that a key is "known"... We had already this discussion of where to get a key
>> for a signature on the devel list...
> FWIW, the reason for not having a server is what Christoph said about
> maintaining stuff we don't technically need. Hosting our own server
> adds no tangible value over deferring to the pool. Which goes doubly
> so because the way debian's keyring is used is as a moderated frontend
> server (IIRC), rather than a public access pool server everyone can
> push keys into... apples and oranges.
> Whether or not we should have a thing like debian is a discussion we
> could have I suppose, though personally, I don't see the paperwork and
> knowledge overhead such a setup would entail going well with our
> community.
Yes, and given we want to lower the maintainance effort in other parts of the server
setup we have, I don't really see why we open here yet another can of worms.


----------------------------- Dr.-Ing. Christoph Cullmann ---------
AbsInt Angewandte Informatik GmbH      Email: cullmann at AbsInt.com
Science Park 1                         Tel:   +49-681-38360-22
66123 Saarbrücken                      Fax:   +49-681-38360-20
GERMANY                                WWW:   http://www.AbsInt.com
Geschäftsführung: Dr.-Ing. Christian Ferdinand
Eingetragen im Handelsregister des Amtsgerichts Saarbrücken, HRB 11234

More information about the kde-community mailing list