Questions re auto-key-locate

Andrew Gallagher andrewg at andrewg.com
Wed Feb 16 10:32:26 CET 2022


On 15/02/2022 23:37, Dan Mahoney wrote:
> That's a decision I leave up to the people who *make*  the key (and the software that it's signing).

Sorry, from your previous message it sounded like you were publishing 
your own software.

> (and it's no longer the case that you can publish just anyone's key)

This is not true, you can still publish any key you want. In the 
specific case that you publish to keys.openpgp.org it will not be 
searchable by userid until the key owner verifies it, but your use case 
only requires lookup by fingerprint, so that doesn't arise.

> Right now, the decision is that our key (signed with our prior-year key) is on our website and FTP (also via https) site, and we do not assert that it's available on the keyservers.

OK, but again I'm curious about the reasoning...

-- 
Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20220216/47e1db9c/attachment.sig>


More information about the Gnupg-users mailing list