[Sks-devel] [FYI] keys.gnupg.net (was: changing the default for --keyid-format)
Jeffrey Johnson
n3npq at me.com
Tue May 29 19:59:28 CEST 2012
On May 29, 2012, at 1:26 PM, Werner Koch wrote:
> Hi,
>
> I can't remember whether I announced it, but since some weeks
>
> keys.gnupg.net is a CNAME to pool.sks-keyservers.net
>
> and
>
> http-keys.gnupg.net is a CNAME to ha.pool.sks-keyservers.net
>
> The reason for this change is that it is useless to spend a lot of work
> in maintaining such a second pool. The folks behing sks-keyservers.net
> to a very well job. keys.gnupg.org is mentioned in the installed sample
> config file and thus likely used by many new users. Now it works again.
>
FWIW, the reasoning is/was similar in RPM choosing the sks-keyservers pool
as a default key server configuration:
%_hkp_keyserver hkp://pool.sks-keyservers.net
%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search=
There's no need to reinvent a better infrastructure.
So I'll chime in and piggy-back a +1 to Kristian Fiskerstrand here: Nice job!
(aside)
The previous default of "keys.rpm5.org" might yet have to be resurrected
if it is not possible to also use SKS key servers as a notary registrar for
automatically generated key pairs generated by every invocation of
rpmbuild -ba foo.spec
The number of invocations of rpmbuild daily is likely larger than all other
pubkey uploads to SKS key servers combined.
Which makes me a bit more sensitive to issues of bloat! with CA57AD7C robo-signatures
in SKS key servers than most.
73 de Jeff
More information about the Gnupg-users
mailing list