Details
-
Improvement
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
Description
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
The SKS keyserver pool is now infected with some bad certificates which can cause a denial of service attack to gpg (and likely other similar tools). It sounds like it would be prudent to either disable downloading keys or switch to a safer keyserver for now.
Ideally, users should be able to upload their own GPG keys, and that uploader could automatically filter out these types of malicious keys. This would be a separate feature, though, but now it seems more useful.
Attachments
Issue Links
- links to