You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@whimsical.apache.org by "Sebb (Jira)" <ji...@apache.org> on 2021/08/09 11:44:00 UTC

[jira] [Resolved] (WHIMSY-364) Need to switch PGP key server defaults again as SKS retired

     [ https://issues.apache.org/jira/browse/WHIMSY-364?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Sebb resolved WHIMSY-364.
-------------------------
    Resolution: Fixed

This is working again for the Secretary workbench

> Need to switch PGP key server defaults again as SKS retired
> -----------------------------------------------------------
>
>                 Key: WHIMSY-364
>                 URL: https://issues.apache.org/jira/browse/WHIMSY-364
>             Project: Whimsy
>          Issue Type: Bug
>          Components: SecMail
>            Reporter: Matt Sicker
>            Assignee: Craig L Russell
>            Priority: Major
>
> https://code.firstlook.media/the-death-of-sks-pgp-keyservers-and-how-first-look-media-is-handling-it
> I'm surprised I didn't notice this back when we were switching to the SKS key server mirrors. It seems like we have a few options:
> * Use https://keys.openpgp.org which has stricter security, though it requires that key uploaders verify their email address with that site in order for their published keys to be publicly searchable (not sure if that applies to the key id directly)
> * GnuPG has a feature for storing and searching for PGP keys in LDAP if we want to host keys somewhere more standardized, but this doesn't help for people who don't already have an account
> * Offer some method for submitters to include an HTTPS link to download their PGP key



--
This message was sent by Atlassian Jira
(v8.3.4#803005)