[Sks-devel] [FYI] keys.gnupg.net (was: changing the default for --keyid-format)

Jeffrey Johnson n3npq at me.com
Tue May 29 19:59:28 CEST 2012


On May 29, 2012, at 1:26 PM, Werner Koch wrote:

> Hi,
> 
> I can't remember whether I announced it, but since some weeks
> 
>  keys.gnupg.net is a CNAME to pool.sks-keyservers.net
> 
> and
> 
>  http-keys.gnupg.net is a CNAME to ha.pool.sks-keyservers.net
> 
> The reason for this change is that it is useless to spend a lot of work
> in maintaining such a second pool.  The folks behind sks-keyservers.net
> do a very good job.  keys.gnupg.org is mentioned in the installed sample
> config file and thus likely used by many new users.  Now it works again.
> 

FWIW, the reasoning is/was similar in RPM choosing the sks-keyservers pool
as a default key server configuration:
	%_hkp_keyserver hkp://pool.sks-keyservers.net
	%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search=
There's no need to reinvent a better infrastructure.

So I'll chime in and piggy-back a +1 to Kristian Fiskerstrand here: Nice job!

(aside)
The previous default of "keys.rpm5.org" might yet have to be resurrected
if it is not possible to also use SKS key servers as a notary registrar for
automatically generated key pairs generated by every invocation of
	rpmbuild -ba foo.spec
The number of invocations of rpmbuild daily is likely larger than all other
pubkey uploads to SKS key servers combined.

Which makes me a bit more sensitive to issues of bloat! with CA57AD7C robo-signatures
in SKS key servers than most.

73 de Jeff


