On Mon 2018-01-15 17:45:49 -0500, Robert J. Hansen wrote:
> _Literally every major FOSS package manager breaks.  Updates become
> impossible._

while i agree with rjh that destruction of the current SKS-based
keyserver network (either by technical or legal means) would today be a
net loss, this statement goes too far.

the debian package manager does not directly use the keyserver network,
and debian archive signing keys are themselves distributed as debian
packages.

the keyservers can occasionally be used as a way to find updated keys
for a system that has been offline for years, to "re-bootstrap" the
package manager, but dpkg and apt are certainly not reliant on the
keyserver network to do their thing.

Third-party repositories also do not need the keyservers to function
properly, if they're configured in a sensible way:

    https://wiki.debian.org/DebianRepository/UseThirdParty

Regards,

        --dkg

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to