Matt Sicker created WHIMSY-274:
----------------------------------
Summary: Switch to hkps://keys.openpgp.org for downloading keys
Key: WHIMSY-274
URL: https://issues.apache.org/jira/browse/WHIMSY-274
Project: Whimsy
Issue Type: Improvement
Components: SecMail
Reporter: Matt Sicker
Assignee: Craig L Russell
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
The SKS keyserver pool is now infected with some bad certificates which can
cause a denial of service attack to gpg (and likely other similar tools). It
sounds like it would be prudent to either disable downloading keys or switch to
a safer keyserver for now.
Ideally, users should be able to upload their own GPG keys, and that uploader
could automatically filter out these types of malicious keys. This would be a
separate feature, though, but now it seems more useful.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
