Well, the idea would be for these “researchers” to play with, and at least have something “newish” where I have some ingress point that propagates to some others,
> On 17 Jun 2018, at 14:59 , Andrew Gallagher <andr...@andrewg.com> wrote: > > You can’t do it using recon, because any additions to the test server will > cause the key delta to diverge and recon will eventually fail. Do you mean that the recon *needs* a similar from the destination? I don’t really care about it failing, it’ll then be a re-spin as you said below, but for example, the idea might be to inject problem keys into the tet environment, and the test environment’s problem keys not to “infest” the current public SKS keyservers. > The easiest way might be a docker image that pulls the latest dump from one > of the public dump sources and spins up a fresh SKS instance from it. Then if > you want to update the key database, you just redeploy the docker image. The type of troubles we saw, I read as something that was caused as the updates was being recon’s between servers, after the problem keys was already injected, thus the idea would be multiple servers to test against, having some ingres feeeds from the public servers, but no egress to the public side. Might be good for others to test there “test certs/keys” against before actual publication?? --- Hendrik Visage
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
