-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Jason Harris: > On Wed, Dec 18, 2013 at 10:20:26PM +0000, adrelanos wrote: > >> I am planing to write a script, which will refresh the apt >> signing key before updating using "apt-get update". The script >> might get accepted in Debian. [1] With my Whonix hat on, it's >> safe to say, that this script will be added to Whonix (which is a >> derivative of Debian). >> >> Writing that script would be much simpler if it could re-use the >> existing keyserver infrastructure. Now imagine if this gets added >> to Debian, that all users of Debian and all its derivatives will >> always refresh their signing key against keyservers? Could >> keyservers cope up with the load? >> >> The legal question would be interesting, but don't worry, if you >> ask me not to use keyservers for this, I'll use a mechanism >> outside of keyservers. > >> [1] >> http://lists.debian.org/debian-security/2013/12/msg00031.html > > 1) setup your own DNS so you can shut things off if anything goes > wrong! (you can use dyn.com or others, no servers required)
Interesting idea. I guess in that case I'll got with what I wrote under 3). > 2) probably best discussed on the sks-devel list, Reply-To set > accordingly Okay, I'll repost there. > 3) try running your own keyserver(s), SKS is easy enough to deploy I don't have a lot servers with bandwidth available. And rather than spending money on that, in case keyservers decline, I am probably re-using sourceforge.net's infrastructure. I already asked them once about a similar thing [they're willing to host our project news files (comparable small files with comparable load)], they'll most likely accept that as well. I don't know how they or some others manage it, but their traffic comes virtually for free. -----BEGIN PGP SIGNATURE----- iQJ8BAEBCgBmBQJSsmskXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ5QjE1NzE1MzkyNUMzMDNBNDIyNTNBRkI5 QzEzMUFEMzcxM0FBRUVGAAoJEJwTGtNxOq7vRloP/i0vZRFCyQY7NBc1ZxPuVJpA PPiKuXODo/+jG/VX8krkYWaAIL9otCwrUMFlS0LxFYHvtfx03NaISaGG1WV3mWJA 1KiqODX+5RszCf/By4tW9JE1EdNeOjZM+XhPZ6oRMQogpmtVAe1EFIscQ84H3k0T SOcd4I//Q+7qkomhEu+C0crSogzzyvYRhG52a7IGDUCLRrhAc+CX0WbYqc5OZj5c qHGdDMPbhpa0/Z514pYuewUu4tQDc3NLZ1fpZGd6GeY3zC/grrLEtnbQogkjeiwB nIu90TC5yYGw8B9reJlfb6lq6s+QG/bs6yweHVg4oaa/i7Lfe9O6/WMshshuu62z sMt3eyAeXTyKFYPv9kugSFNkqGHWlDome3PJzYOqRE3BkxYU21qegzTfNUD50jpH pNVX5I7wSecpvNa3yIEE9000FDOdwvx/sJrEhmlY90J12BHZATJHQgcgq04GAPQT OL+kYRhifdS6BE7VXT2eHepQzviGScPZ09n+5ZpkX6nn/pcW84McUYg3qpam8OoU hGmcoJ0V5dnGNJjmzdMfeej1TsYKjE+uWpAod/lPnXHry/4FYTTSxrdfyfaRQOJx yd2DkcjZ0EzP/13DS8GxgH53FKiqxIQxjDhVyBNeSVnjB/f6TbuMJH3ZEl0FL3gn /ex0cwPRQ6lVxLtcpg8f =/K1w -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
