Easy WKD setup and contributing to overall ecosystem (Re: Automatic WKD via keys.openpgp.org)

Bernhard Reiter bernhard at intevation.de
Wed Mar 4 09:23:35 CET 2020

Hi Vincent,

Am Dienstag, 3. März 2020, 12:06:51 CET schrieb Vincent Breitmoser via Gnupg-
> > (And seriously shouldn't you set a good example and maintain the directory
> > on your mail server? >;) It is just running one script in case your
> > public key changes.)
> The reason I didn't have WKD set up before was that it's too inconvenient to
> manage, and also tends to get out of sync. 

Can you be more specific?
Each time our pubkey is changed, you need to run one script.
Scripts were public on wiki.gnupg.org/WKD for a long while.
Even for a smaller organisation, pubkey do not change that often, and if they 
do there are usually a set of things you need to do anyway.

And if running one script is not easy enough, the wks scripts and a decent 
mail client like KMail would make it even less hassle.

> This opinion was shared by
> several folks I talked to - who either didn't have WKD set up for the same
> reason, or whose experience was something along the lines of "sure it's
> easy to set up, here I wrote my own python script for the job".

Did you find out in more detail what the problems where?
If they were able to write their own script, did they share it?
(Often people did not find the scripts that we were publishing
or where lacking some info.)

> That's where the idea came from in the first place, to pick up people for
> the technology who don't care to do anything more complex themselves.
> Ideally, this will help along with the chicken-and-egg-problem.

Only if we motivate people that can do it, to actually delopy WKD and not 
WKDaaS. I've updated the wiki.gnupg.org entry to reflect our exchange better.

> As a more general thought, if we have to force ourselves "to set a good
> example", that's ok but we should make sure to take a second and consider
> "why do I need to force myself?". If there isn't at least the trend that a
> tech will work at some point without idealism fuel, it's valuable to think
> about why that is and correct course.

To me that is about responsibility. We (as the developers of the OpenPGP 
ecosystem - where I do include people that care  for it on several levels, 
like people on this list) should try to look at the larger issue and care for 
others that may not have that interest. And as always, the people doing the 
maintainance of technology have to work hard to make it easier for others.
It about doing what is considered best for the ecosystem, not about what I 
like personally.

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20200304/f55e3e76/attachment.sig>

More information about the Gnupg-devel mailing list