Hi, I am planing to write a script, which will refresh the apt signing key before updating using "apt-get update". The script might get accepted in Debian. [1] With my Whonix hat on, it's safe to say, that this script will be added to Whonix (which is a derivative of Debian).
Writing that script would be much simpler if it could re-use the existing keyserver infrastructure. Now imagine if this gets added to Debian, that all users of Debian and all its derivatives will always refresh their signing key against keyservers? Could keyservers cope up with the load? The legal question would be interesting, but don't worry, if you ask me not to use keyservers for this, I'll use a mechanism outside of keyservers. Cheers, adrelanos [1] http://lists.debian.org/debian-security/2013/12/msg00031.html _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users