On Tue, Aug 09, 2022 at 07:50:13PM +0200, Lynne wrote: > Aug 9, 2022, 13:02 by mich...@niedermayer.cc: > > > On Tue, Aug 09, 2022 at 12:59:52PM +0200, Michael Niedermayer wrote: > > > >> On Tue, Aug 09, 2022 at 12:36:53AM +0200, Michael Niedermayer wrote: > >> > On Mon, Aug 08, 2022 at 09:26:52PM +0200, Lynne wrote: > >> > > Aug 8, 2022, 16:50 by mich...@niedermayer.cc: > >> > > > >> > > > Given the recent server issues, i wonder if we should > >> > > > suggest/recommand > >> > > > and document signing commits and tags > >> > > > > >> > > > i tried to push such commit to github and it nicely says "verified" > >> > > > https://github.com/michaelni/FFmpeg/commit/75f196acd16fb0c0ca7a94f0c66072e7c6f736bf > >> > > > > >> > > > Ive generated a new gpg key for this experiment as i dont have my > >> > > > main key on the box used for git development and also using more > >> > > > modern eliptic curve stuff (smaller keys & sigs) > >> > > > i will upload this key to the keyservers in case it becomes the > >> > > > one i use for git. > >> > > > > >> > > > >> > > I sign all of my commits, > >> > > >> > I didnt notice, but thats good as it also proofs it works with no ill > >> > sideeffects > >> > > >> > Where can i find your public key ? it seems its not on the keyservers i > >> > checked > >> > >> Your key seems only on openpgp.org but that strips userids unless the > >> owner approves it > >> (i presume for GDPR) making the key not work > >> > >> gpg --keyserver hkps://keys.openpgp.org --recv-keys > >> FE50139C680572CAFD521F8DA2FEA5F03F034464 > >> gpg: key A2FEA5F03F034464: no user ID > >> gpg: Total number processed: 1 > >> > >> gpg --list-keys FE50139C680572CAFD521F8DA2FEA5F03F034464 > >> gpg: error reading key: No public key > >> > >> gpg --recv-keys FE50139C680572CAFD521F8DA2FEA5F03F034464 > >> gpg: keyserver receive failed: No data > >> > > > > found your key with google here: > > https://lynne.ee/extra/A2FEA5F03F034464.asc > > > > I just pushed it to keyserver.ubuntu.com, the only still working server > I found, surprisingly. Seems a few months ago sks (a protocol/sever? > to share keys between servers) was deprecated and most servers went > down, and the GDPR also took some out. Sad. There's some work done > to make a new protocol/server apparently. > I'm very sure I pushed my key to the MIT server back when I made it in 2019, > but that server also seems like it's forgotten my key and not accepting it.
yes, i was also scratching my head yesterday about this keyserver apocalypse the script below was what i ended up writing but iam not sure its usefull #!/bin/bash gpg --keyserver hkps://pgp.mit.edu --recv-keys $* & gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys $* & gpg --keyserver hkps://keys.openpgp.org --recv-keys $* & gpg --keyserver hkps://keys.gnupg.net --recv-keys $* & gpg --keyserver hkps://keyserver.pgp.com --recv-keys $* & > > I once imported all maintainer keys listed in MAINTAINERS and found many > were revoked (I think compn's), while some used triple DES. The oldest key > I found for a maintainer is actually Nicolas George's key, a triple DES from > 2001! > Maybe we should clean up the list of keys. yes maybe we also should collect the full public keys and not just the hashes this list of hashes came from a time where obtaining a key from a hash was trivial thx [...] -- Michael GnuPG fingerprint: 9FF2128B147EF6730BADF133611EC787040B0FAB Take away the freedom of one citizen and you will be jailed, take away the freedom of all citizens and you will be congratulated by your peers in Parliament.
signature.asc
Description: PGP signature
_______________________________________________ ffmpeg-devel mailing list ffmpeg-devel@ffmpeg.org https://ffmpeg.org/mailman/listinfo/ffmpeg-devel To unsubscribe, visit link above, or email ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
