a step in the right direction
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue Jan 16 15:54:07 CET 2018
On Mon 2018-01-15 17:45:49 -0500, Robert J. Hansen wrote:
> _Literally every major FOSS package manager breaks. Updates become
while i agree with rjh that destruction of the current SKS-based
keyserver network (either by technical or legal means) would today be a
net loss, this statement goes too far.
the debian package manager does not directly use the keyserver network,
and debian archive signing keys are themselves distributed as debian
the keyservers can occasionally be used as a way to find updated keys
for a system that has been offline for years, to "re-bootstrap" the
package manager, but dpkg and apt are certainly not reliant on the
keyserver network to do their thing.
Third-party repositories also do not need the keyservers to function
properly, if they're configured in a sensible way:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 832 bytes
Desc: not available
More information about the Gnupg-users