> Marek Marczykowski-Górecki: >> On Fri, Sep 13, 2019 at 06:08:39PM +0200, Achim Patzner wrote: >>> Hi! > >>> Is the setup script for builder.conf in qubes-builder still maintained? >>> If so, adding fc30 > >> In fact, setup script gets it from example-config/templates.conf. Added. > >>> and getting rid of the forced use of the MIT PGP key >>> server might be necessary. > >> That's a bit trickier. We need some key server, and recently the whole >> WoT basically got broken... From what I understand, we are supposed to >> use keys.openpgp.org now. But it looks like there is email verification >> to upload the whole key (gpg2 doesn't like keys without any UID). >> So, I see two options: >> - switch to keys.openpgp.org and ask everyone mentioned in >> qubes-builder (Patrick in practice) to upload keys there >> - distribute keys as files > > Given that the resent events were mostly triggered by the fact that the > key import of GnuPG is, let's say, a bit brittle, I think we should > include the complete keys.
Yes, I would suggest to not rely on keyservers for anything. gpg key import (in Debian buster version) might not be the most robust for handling untrusted data from keyservers. Cheers, Patrick -- You received this message because you are subscribed to the Google Groups "qubes-devel" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-devel/eb8ad625-181d-503e-cf4a-3c197d305802%40whonix.org.
