Andrei POPESCU [2019-07-07T20:31:23+03] wrote:
> My gpg.conf has:
>
> keyserver hkps://hkps.pool.sks-keyservers.net

SKS keyservers can be risky because they allow anybody to submit any
number of key signatures to other people's keys. Recently some keys have
been poisoned with a great number of key signatures so that GnuPG chokes.
Here's a link to a message in the gnupg-users mailing list.

    "SKS Keyserver Network Under Attack"
    https://lists.gnupg.org/pipermail/gnupg-users/2019-June/062098.html

If you use SKS keyservers I really recommend using either of the
following two options:

    keyserver-options import-clean
    keyserver-options import-minimal

If you happen to download a huge poisoned key from an SKS keyserver, the
above-mentioned options protect your local keyring from getting unknown
key signatures. The checking can take some time, though.

Future releases of GnuPG will include more protective features and
default settings.

    "Release candidate for 2.2.17"
    https://lists.gnupg.org/pipermail/gnupg-users/2019-July/062297.html

There is also <https://keys.openpgp.org>, a keyserver which doesn't
distribute third-party signatures at all.

-- 
/// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450
//  https://keys.openpgp.org/search?q=tliko...@iki.fi
/   https://keybase.io/tlikonen https://github.com/tlikonen
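
Added example (not part of the original message): a shell check that flags a gpg.conf naming an sks-keyservers.net keyserver without either of the two keyserver-options recommended above. The function name audit_gpg_conf and the sample file are constructed for illustration; the check reads a single file and treats a "no-" prefix as switching the option off.

```shell
#!/bin/sh
# Added example: audit a gpg.conf for the setup discussed in the message.
# Return codes: 0 = ok, 1 = SKS keyserver configured without
# import-clean/import-minimal, 2 = file not readable.
audit_gpg_conf() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk '
        /^[ \t]*#/ { next }                       # skip comment lines
        $1 == "keyserver" && tolower($2) ~ /sks-keyservers\.net/ { sks = 1 }
        $1 == "keyserver-options" {
            # options may be separated by spaces or commas; "no-" negates
            for (i = 2; i <= NF; i++) {
                n = split($i, opt, ",")
                for (j = 1; j <= n; j++) {
                    if (opt[j] == "import-clean")      clean = 1
                    if (opt[j] == "no-import-clean")   clean = 0
                    if (opt[j] == "import-minimal")    minimal = 1
                    if (opt[j] == "no-import-minimal") minimal = 0
                }
            }
        }
        END { rc = 0; if (sks && !(clean || minimal)) rc = 1; exit rc }
    ' "$conf"
}

# Constructed sample: the quoted keyserver line with no import filtering.
demo=$(mktemp)
printf '%s\n' 'keyserver hkps://hkps.pool.sks-keyservers.net' > "$demo"
if audit_gpg_conf "$demo"; then
    echo "ok: import filtering is set (or no SKS keyserver configured)"
else
    echo "risky: SKS keyserver without import-clean or import-minimal"
fi
rm -f "$demo"
```

To check a real configuration, call the function with the path of the gpg.conf in use.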