sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] Seeking peers for keyserver.opensuse.org

From: Chris Boot
Subject: Re: [Sks-devel] Seeking peers for keyserver.opensuse.org
Date: Fri, 8 Apr 2016 09:04:31 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Icedove/38.7.0 
On 08/04/16 08:06, Lars Vogdt wrote:
> Am Wed, 6 Apr 2016 07:46:35 +0100
> schrieb Chris Boot <address@hidden>:
>> I'd be happy to peer with you, but there doesn't appear to be a home
>> page (e.g. with a search box) on your sks installation:
>> http://keyserver.opensuse.org:11371/ gives me a 404 error.
> 
> I'm sorry, I just followed 
>  https://bitbucket.org/skskeyserver/sks-keyserver/wiki/Peering
> which tells me that the root of the nginx proxy should point to the sks
> server behind 11371 and not providing any webside (as I do on port 80). 
> 
> So what is the best practice here? I found some sks servers running the
> same web-pages on 11371 and some which do not provide any webpage.

Hi Lars,

That's fair enough - I don't use nginx for my keyserver so I can't
really comment on those instructions, but it feels to me like a
keyserver should present the same interface on port 11371 as it does on
port 80. That's not to say that it's broken, and it certainly looks like
it will work for the more general use case of GPG fetching keys, it just
feels less user friendly.

>> I also have it on good authority that the operators of the
>> the.earth.li keyserver (http://the.earth.li/pgp_lookup.html) *really*
>> appreciate it if SKS users configure outgoing mailsync to
>> address@hidden To the extent that one of the operators
>> gave me a real telling off about disabling it on my server. So please
>> consider enabling this too.
> 
> So I will follow: 
> https://bitbucket.org/skskeyserver/sks-keyserver/overview
> => Outgoing PKS synchronization: mailsync file - correct?
> 
> I will contact Jonathan McDowell and ask him if I can add his server to
> the mailsync file. 

Yes, you only need the outgoing part, and certainly no harm asking
Jonathan about it first.

The problem, as I understand it, is that SKS servers will only mailsync
changes pushed directly to them and not changes gossiped from other SKS
peers. That means that servers that rely on mailsync alone will be
missing out on a large proportion of changes from the keyserver network.

With all that said, I've added you to my membership file. Please add me
in return:

sks.bootc.eu 11370 # Chris Boot <address@hidden> 0xF5C83C05D9CEEEEE

Cheers,
Chris

-- 
Chris Boot
address@hidden

Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]