[Sks-devel] [Announcement] SKS 1.1.6 Released

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Mon Aug 8 16:16:38 CEST 2016 

On 08/08/2016 08:11 AM, Daniel Kahn Gillmor wrote:
> On Sun 2016-08-07 10:40:08 -0400, Kristian Fiskerstrand wrote:
> 

..

>> Note when upgrading from earlier versions of SKS
>> ====================
>> The default values for pagesize settings changed in SKS 1.1.4. To
>> continue using an existing DB from earlier versions without rebuilding,
>> explicit settings have to be added to the sksconf file.
>> pagesize:       4
>> ptree_pagesize: 1
> 
> it's not clear to me what this means: are these settings that should be
> added to sksconf if they weren't already there and you're using an
> existing database without rebuilding?

yes; if the database was built before 1.1.4 originally (which was
released in July 2012), values between 1.1.4, 1.1.5 and 1.1.6 are
consistent, so if you've upgraded to 1.1.5 this must already be properly
set.

> 
> what if those variables are already set in the sksconf file but they
> have different values?

Then you retain the different values

> 
> what if they weren't set, sks was upgraded, and the database wasn't
> rebuilt?  what sort of failures should server operators expect?

Errors loading BDB environment / starting SKS.

> 
>> Getting the Software
>> ====================
>> SKS can be downloaded from
>> https://bitbucket.org/skskeyserver/sks-keyserver
> 
> https://bitbucket.org/skskeyserver/sks-keyserver/downloads
> 
> has some very strange text in it:
> 
>           <tr class="iterable-item" id="download-1023182">
>             <td class="name"><a class="execute" href="
>                     /skskeyserver/sks-keyserver/downloads/sks-1.1.6.tgz">sks-1.1.6.tgz</a>
>             </td>
> 
> Is there a reason for the newline and leading whitespace?  That causes
> debian/watch to fail to discover the new tarball.
> 

You'll have to ask bitbucket.. we don't control the HTML template of the
downloads page.

> 
>> A check should also be made that the key is signed by
>> trustworthy other keys;
>>
>>     gpg --list-sigs 0x41259773973A612A
> 
> This doesn't actually validate the retrieved signatures, fwiw.  you
> probably want --check-sigs instead of --list-sigs.

Fair point, will update announcement template.
> 
> Regards,
> 
>         --dkg
> 


-- 
----------------------------
Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
----------------------------
Public OpenPGP certificate at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
----------------------------
Nomina stultorum scribuntur ubique locorum
Fools have the habit of writing their names everywhere

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160808/8b4136d5/attachment.sig>

More information about the Gnupg-users mailing list