  1. Whimsy
  2. WHIMSY-274

Switch to hkps://keys.openpgp.org for downloading keys

Details

    • Improvement
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • SecMail
    • None

    Description

      https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

      The SKS keyserver pool is now infected with some bad certificates which can cause a denial of service attack to gpg (and likely other similar tools). It sounds like it would be prudent to either disable downloading keys or switch to a safer keyserver for now.

      Ideally, users should be able to upload their own GPG keys, and that uploader could automatically filter out these types of malicious keys. This would be a separate feature, though, but now it seems more useful.

            People

              clr Craig L Russell
              mattsicker Matt Sicker
                Time Tracking

                  Original Estimate: Not Specified
                  Remaining Estimate: 0h
                  Time Spent: 20m