sks-devel

Re: [Sks-devel] Cease of operation: *.gnupg.pub


From: Franck Nijhof
Subject: Re: [Sks-devel] Cease of operation: *.gnupg.pub
Date: Mon, 23 Apr 2018 22:00:01 +0200

Hi Travis,

I am pretty aware of the location of the source code, as you might have noticed 
in my initial writing:

> I have studied the code running the pools quite a bit


I also have not modified any of the SKS key server code along the process. My 
machines always ran the original SKS key server code.
The issue is with the SKS key-server website/pool decision code, which is 
currently hosted by Sumptuous Capital.

Let me quote another thing from my initial message:

> In my humble opinion the code should be made public on a decent open source 
> platform (e.g., GitHub)


I am not sure if the little Git server thingy on that Sumptuous Capital domain 
qualifies.
Bitbucket is a fine service by Atlassian, but let's be honest here, if you are 
serious about Open Source, GitHub is the place to be.
Open Source requires issue management, pull requests and above all: 
contributors! Unfortunately, the latter are mostly found on GitHub.

Nevertheless, thank you for your response Travis, that is very much appreciated.

With kind regards,

Franck Nijhof

> On 23 Apr 2018, at 17:43, Travis <address@hidden> wrote:
> 
> On 04/23/2018 10:24 AM, Franck Nijhof wrote:
>> Hi there,
>> 
>> Via this message, I am announcing the cease of operations on the servers: 
>> *.gnupg.pub.
>> 
>> I have started this experiment some time ago and have enjoyed it pretty much 
>> and reached my goal: getting my server in the pools most of the time, by 
>> getting the highest possible score (without HA).
>> 
>> The time has also come to make some confessions. Those scores my server got 
>> are not real. I have studied the code running the pools quite a bit and 
>> discovered quite a few flaws in it, which I successfully exploited to get a 
>> higher ranking, resulting in my pretty low budget VPS being in multiple 
>> pools almost all the time. I am not going to expose those flaws right here. 
>> Nevertheless, I do think it is pretty severe that this system is that easy 
>> to manipulate. Even worse; I did not even get into doing extreme things 
>> since that was not necessary at all.
>> 
>> With all due respect, the code running the SKS pools and website is in a 
>> pretty sad state. In my humble opinion the code should be made public on a 
>> decent open source platform (e.g., GitHub), refactored and exposed as much 
>> as possible in order to gain feedback and improvements from other 
>> developers. While doing that, add some decent CI/CD as, including some 
>> static code analysis tooling.
>> 
>> Don't worry; the data is not being exploited at all. Nor did peering with me 
>> have any effect on your services. That was never my intention with this little 
>> project.
>> 
>> Thank you for teaching me so much about GPG and the inner workings of the SKS 
>> pools that are so important to the GnuPG community and its users.
>> 
>> With kind regards,
>> 
>> Franck Nijhof
> 
> The code is available at:
> 
> https://bitbucket.org/skskeyserver/sks-keyserver/overview
> https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=summary
> 
> It'll be great to have your contributions to help improve the project.
> 
> Travis
> 

Attachment: signature.asc
Description: Message signed with OpenPGP

