[Sks-devel] Using SKS servers for RPM packaging


From: Jeffrey Johnson
Subject: [Sks-devel] Using SKS servers for RPM packaging
Date: Sat, 10 Dec 2011 11:14:16 -0500

Hi --

I've been lurking here and running several SKS keyservers
for about 2 years now while automating pubkey retrieval
in RPM package management @rpm5.org.

Till now, I've been distributing RPM configured against
a private SKS key server, an aging dual G5 behind a
residence cable modem, called "keys.rpm5.org". Likely
down at the moment because I'm attempting to scrap
an ancient box which has served its purpose.

Even with that minimal infrastructure, automated SKS pubkey retrieval
has survived every attempt that I could devise to crash my own
servers.

So I believe that it's time to distribute RPM configured against
the SKS pool.

I don't expect any significant increase in usage whatsoever:
RPM is an application much like gnupg or mutt, and
SKS servers are intended to serve pubkeys as needed.

The one important difference in RPM is that this is an automated retrieval,
and for a sharply restricted set of pubkeys used by linux vendors, which
may show up in SKS server usage reports. RPM development under buildbots
testing retrieval of 20-30 keys will also have a predictable usage pattern,
unlike other applications.

Meanwhile the traditional means of distributing pubkeys for verifying *.rpm
content doesn't use hkp:// retrieval at all, but rather imports pubkeys on all
client machines, and I expect that to be the dominant pubkey distribution
mechanism for years to come. Heck, most depsolvers just disable
digital signatures because it's too much bother to configure/maintain
pubkeys used for software distribution on client boxen.

If there are any concerns or objections, please speak up now. I personally
don't think there will be any issue whatsoever, but I'm obligated to
speak first because of the slim possibility that there might be a
significant change in traffic patterns because of the potential size
of the RPM application.

Even if there is an issue, all I'm doing is pre-configuring the
"public" SKS pool instead of a private server. I can/will revert
to a private server in RPM if there are any issues whatsoever. The
URL is merely configuration.

hth

73 de Jeff
