Use experimental keyserver hkps://keys.openpgp.org

The SKS keyserver network is vulnerable to spam attacks, and these attacks started to happen. Downloading a spammed key will break GnuPG installation "in hard to debug ways". To mitigate this problem, switch to using a new experimental keyserver that is not part of the SKS network. This server has its own limitations, but it seems to be the way to go in the future. For more information about the SKS network attack: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f Fixes sociomantic-tsunami#72.
leandro-lucarella-sociomantic · Jul 3, 2019 · c68adb6 · c68adb6
1 parent 21ab7d6
commit c68adb6
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/docker/develdlang b/docker/develdlang
@@ -15,7 +15,7 @@ apt_add_bintray_repos sociomantic-tsunami/ebtree sociomantic-tsunami/dlang \
 		dlang-community/apt
 
 # Add extra DMD D-APT repo
-apt-key adv --keyserver keyserver.ubuntu.com --recv-keys EBCF975E5BA24D5E
+apt-key adv --keyserver hkps://keys.openpgp.org --recv-keys EBCF975E5BA24D5E
 # Added manually until D-APT is fixed
 #wget http://downloads.sourceforge.net/project/d-apt/files/d-apt.list \
 #               -O /etc/apt/sources.list.d/d-apt.list

diff --git a/docker/util.sh b/docker/util.sh
@@ -83,7 +83,7 @@ apt_update_and_install_base_packages()
 
 apt_install_bintray_key()
 {
-	apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 379CE192D401AB61
+	apt-key adv --keyserver hkps://keys.openpgp.org --recv-keys 379CE192D401AB61
 }
 
 apt_add_bintray_repos()