Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use new experimental SKS server #72

Open
leandro-lucarella-sociomantic opened this issue Jul 3, 2019 · 0 comments · May be fixed by #73
Open

Use new experimental SKS server #72

leandro-lucarella-sociomantic opened this issue Jul 3, 2019 · 0 comments · May be fixed by #73
Labels
prio-high type-enhancement
Milestone
v6.0.1

Comments

@leandro-lucarella-sociomantic
Copy link
Contributor

Since the SKS Network is under attack, we should use the new experimental SKS server that has some measures to prevent spamming attacks.
@leandro-lucarella-sociomantic leandro-lucarella-sociomantic added this to the v7.0.1 milestone Jul 3, 2019
leandro-lucarella-sociomantic added a commit to leandro-lucarella-sociomantic/cachalot that referenced this issue Jul 3, 2019
@leandro-lucarella-sociomantic
Use experimental keyserver hkps://keys.openpgp.org
a1591a4 
The SKS keyserver network is vulnerable to spam attacks, and these
attacks started to happen. Downloading a spammed key will break GnuPG
installation "in hard to debug ways". To mitigate this problem, switch
to using a new experimental keyserver that is not part of the SKS
network. This server has its own limitations, but it seems to be the way
to go in the future.

For more information about the SKS network attack:
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

Fixes sociomantic-tsunami#72.
@leandro-lucarella-sociomantic leandro-lucarella-sociomantic linked a pull request Jul 3, 2019 that will close this issue
Open
leandro-lucarella-sociomantic added a commit to leandro-lucarella-sociomantic/cachalot that referenced this issue Jul 3, 2019
@leandro-lucarella-sociomantic
Use experimental keyserver hkps://keys.openpgp.org
c68adb6 
The SKS keyserver network is vulnerable to spam attacks, and these
attacks started to happen. Downloading a spammed key will break GnuPG
installation "in hard to debug ways". To mitigate this problem, switch
to using a new experimental keyserver that is not part of the SKS
network. This server has its own limitations, but it seems to be the way
to go in the future.

For more information about the SKS network attack:
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

Fixes sociomantic-tsunami#72.
leandro-lucarella-sociomantic added a commit to leandro-lucarella-sociomantic/cachalot that referenced this issue Jul 3, 2019
@leandro-lucarella-sociomantic
Use experimental keyserver hkps://keys.openpgp.org
fde5ccd 
The SKS keyserver network is vulnerable to spam attacks, and these
attacks started to happen. Downloading a spammed key will break GnuPG
installation "in hard to debug ways". To mitigate this problem, switch
to using a new experimental keyserver that is not part of the SKS
network. This server has its own limitations, but it seems to be the way
to go in the future.

For more information about the SKS network attack:
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

Fixes sociomantic-tsunami#72.
leandro-lucarella-sociomantic added a commit to leandro-lucarella-sociomantic/cachalot that referenced this issue Jul 3, 2019
@leandro-lucarella-sociomantic
Use experimental keyserver hkps://keys.openpgp.org
8480bce 
The SKS keyserver network is vulnerable to spam attacks, and these
attacks started to happen. Downloading a spammed key will break GnuPG
installation "in hard to debug ways". To mitigate this problem, switch
to using a new experimental keyserver that is not part of the SKS
network. This server has its own limitations, but it seems to be the way
to go in the future.

For more information about the SKS network attack:
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

Fixes sociomantic-tsunami#72.
leandro-lucarella-sociomantic added a commit to leandro-lucarella-sociomantic/cachalot that referenced this issue Jul 30, 2019
@leandro-lucarella-sociomantic
Use experimental keyserver hkps://keys.openpgp.org
46d0a85 
The SKS keyserver network is vulnerable to spam attacks, and these
attacks started to happen. Downloading a spammed key will break GnuPG
installation "in hard to debug ways". To mitigate this problem, switch
to using a new experimental keyserver that is not part of the SKS
network. This server has its own limitations, but it seems to be the way
to go in the future.

For more information about the SKS network attack:
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

Fixes sociomantic-tsunami#72.
leandro-lucarella-sociomantic added a commit to leandro-lucarella-sociomantic/cachalot that referenced this issue Sep 3, 2019
@leandro-lucarella-sociomantic
Use experimental keyserver hkps://keys.openpgp.org
c42696b 
The SKS keyserver network is vulnerable to spam attacks, and these
attacks started to happen. Downloading a spammed key will break GnuPG
installation "in hard to debug ways". To mitigate this problem, switch
to using a new experimental keyserver that is not part of the SKS
network. This server has its own limitations, but it seems to be the way
to go in the future.

For more information about the SKS network attack:
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

Fixes sociomantic-tsunami#72.
@leandro-lucarella-sociomantic leandro-lucarella-sociomantic removed their assignment Sep 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
prio-high type-enhancement
Projects
None yet
Milestone
v6.0.1
Development

Successfully merging a pull request may close this issue.

Use experimental keyserver hkps://keys.openpgp.org leandro-lucarella-sociomantic/cachalot
1 participant
@leandro-lucarella-sociomantic