On Wed, Dec 18, 2013 at 10:20:26PM +0000, adrelanos wrote: > I am planing to write a script, which will refresh the apt signing key > before updating using "apt-get update". The script might get accepted in > Debian. [1] With my Whonix hat on, it's safe to say, that this script > will be added to Whonix (which is a derivative of Debian). > > Writing that script would be much simpler if it could re-use the > existing keyserver infrastructure. Now imagine if this gets added to > Debian, that all users of Debian and all its derivatives will always > refresh their signing key against keyservers? Could keyservers cope up > with the load? > > The legal question would be interesting, but don't worry, if you ask me > not to use keyservers for this, I'll use a mechanism outside of keyservers.
> [1] http://lists.debian.org/debian-security/2013/12/msg00031.html 1) setup your own DNS so you can shut things off if anything goes wrong! (you can use dyn.com or others, no servers required) 2) probably best discussed on the sks-devel list, Reply-To set accordingly 3) try running your own keyserver(s), SKS is easy enough to deploy -- Jason Harris | PGP: This _is_ PGP-signed, isn't it? jhar...@widomaker.com _|_ Got photons? (TM), (C) 2004
pgpya6iSgyHv5.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
