Hello all,
I am trying to verify signature of downloaded files when creating a docker
container. This is what I am trying to do within the Dockerfile:
RUN gpg -v --status-fd 1 --no-keyring \
--trust-model always \
--recipient-file /pubkes/release-key.txt \
--verify sigfile.as
On 2025-01-30 11:29, Michael Richardson wrote:
I think that that the place where we actually need to differ from the
past is
actually the flood-fill between key servers. I think that's probably
not
going to work.
Speaking for the current SKS keyserver operators, it *is* currently
working.
I was awake a bunch last night, and I was pondering the six points that Seth
made. I am more and more concerned with having key servers have access to
revocation (certificates), and I have no understanding how this will work with
key server to key server communication. It seems to me that there
