On 15/10/2019 21:59, Robert J. Hansen wrote: > Should they update? Yes. Is the problem mitigated by an update? Yes. > But will they? Probably not before wedging their keyring. Given that > high-profile people in the community have had our certificates defaced, > it's possible someone will say "I want to ask dkg a question," pull down > his cert, get wedged, and... etc.
I can confirm that this happens and users are being b0rked because of trolls. Street level rumour is that GnuPG key exchange is broken and you should not use it. It doesn't matter what the truth is - it is the public perception that recent SKS events made it unusable, this was advertised across the media all over the place and the image stuck. Additionally, poor handling of SKS fiasco by GnuPG community hurt it's credibility a lot, so a clear signal that this issue was treated seriously would be beneficial. Should it be advertised as a new go-to standard or as transitional standard, beta/alpha/whatever - I don't know, it's debatable. Cheers, Chris _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
