Update keys.gnupg.net? Re: [Announce] GnuPG 2.2.29 (LTS) released

Ingo Klöcker kloecker at kde.org
Wed Jul 14 09:47:35 CEST 2021

On Dienstag, 13. Juli 2021 22:09:25 CEST Phil Pennock wrote:
> On 2021-07-13 at 18:26 +0200, Ingo Klöcker wrote:
> > On Dienstag, 13. Juli 2021 10:15:17 CEST Bernhard Reiter wrote:
> > > Does it make sense to change the list of servers behind
> > > keys.gnupg.net as well?
> > > 
> > > https://www.gnupg.org/documentation/manuals/gnupg/GPG-Configuration-Opti
> > > ons. html "The keyserver hkp://keys.gnupg.net uses round robin DNS to
> > > give a different keyserver each time you use it."
> > 
> > This needs to be updated. DNS isn't used anymore. See comment in code:
> > https://dev.gnupg.org/source/gnupg/browse/STABLE-BRANCH-2-2/dirmngr/server
> > .c$2127
> GnuPG has many released versions, which various distributions are using,
> which will still be using the public hostname.
> Updating what the DNS points at will benefit many people just using the
> defaults, with their old distribution.  Not updating is not likely to
> encourage them to update, it will just reinforce the perception that PGP
> is broken and a different ecosystem should be used.

Well, `dig keys.gnupg.net`, `nslookup keys.gnupg.net`, and `ping 
keys.gnupg.net` all agree that there is no DNS entry for keys.gnupg.net. 
Consequently, *updating* what the DNS points at makes no sense because there 
is nothing to update.

Of course, you could argue that the DNS pointers should be re-established to 
support those old distributions. But then again, nobody seems to have noticed 
that keys.gnupg.net is gone since I don't know when.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20210714/11032961/attachment.sig>

More information about the Gnupg-devel mailing list