[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] [FYI] keys.gnupg.net (was: changing the default for --ke
|
From: |
Jeffrey Johnson |
|
Subject: |
Re: [Sks-devel] [FYI] keys.gnupg.net (was: changing the default for --keyid-format) |
|
Date: |
Tue, 29 May 2012 13:59:28 -0400 |
On May 29, 2012, at 1:26 PM, Werner Koch wrote:
> Hi,
>
> I can't remember whether I announced it, but since some weeks
>
> keys.gnupg.net is a CNAME to pool.sks-keyservers.net
>
> and
>
> http-keys.gnupg.net is a CNAME to ha.pool.sks-keyservers.net
>
> The reason for this change is that it is useless to spend a lot of work
> in maintaining such a second pool. The folks behing sks-keyservers.net
> to a very well job. keys.gnupg.org is mentioned in the installed sample
> config file and thus likely used by many new users. Now it works again.
>
FWIW, the reasoning is/was similar in RPM choosing the sks-keyservers pool
as a default key server configuration:
%_hkp_keyserver hkp://pool.sks-keyservers.net
%_hkp_keyserver_query %{_hkp_keyserver}/pks/lookup?op=get&search=
There's no need to reinvent a better infrastructure.
So I'll chime in and piggy-back a +1 to Kristian Fiskerstrand here: Nice job!
(aside)
The previous default of "keys.rpm5.org" might yet have to be resurrected
if it is not possible to also use SKS key servers as a notary registrar for
automatically generated key pairs generated by every invocation of
rpmbuild -ba foo.spec
The number of invocations of rpmbuild daily is likely larger than all other
pubkey uploads to SKS key servers combined.
Which makes me a bit more sensitive to issues of bloat! with CA57AD7C
robo-signatures
in SKS key servers than most.
73 de Jeff