> Which would be step in the right direction when compared > with the current situation.
... shutting down a keyserver network relied on by literally tens of thousands of people, to say nothing about OS distributions, is a "step in the right direction"? Okay. Fine. Let's say you wave a magic wand and you're able to make the keyserver network go away. What are the immediate, *predictable*, consequences? First, people in bad places like Syria and Iran lose the ability to easily get public keys for journalists in free countries. The neat thing about the pool is nobody knows exactly who all is in it. Years ago for some months I ran a covert keyserver to see how practical it would be for people in hostile regimes: my keyserver was not part of the public pool, but synced with it. That's useful because a regime might firewall off the entire pool, but so long as covert nodes exist the whole of the network is still accessible even in information-controlling regimes. Second, your operating system -- if you're running something like a Linux distro, or macOS using Homebrew, or heck, even Windows with msys2/mingw -- *BREAKS*. You can't get updates any more. Let's look at why, using the package manager in msys2/mingw/Arch Linux. It's called pacman. In pacman, each package is signed by the package maintainer. The package maintainer's certificate is in turn signed by at least three other pacman maintainer certs. E.g., if you manage a package called "fooblitzsky", you sign the fooblitzsky packages with your cert, and three msys2 maintainers sign your cert. This way, end users can be confident that you, the maintainer, personally authorized this release, and that you're trusted by the msys2 team. Now that you've taken down the keyserver network, you go to install fooblitzsky, and ... uh ... wait. You can get the package, but you have no way of getting the maintainer's cert to verify the package. _Literally every major FOSS package manager breaks. Updates become impossible._ Let that sink in for a moment. I don't think you understand anything about the ecosystem here. You're advocating burning down a _critically important part of the entire FOSS landscape._ _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users