[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Sks-devel] Cease of operation: *.gnupg.pub
From: |
Travis |
Subject: |
Re: [Sks-devel] Cease of operation: *.gnupg.pub |
Date: |
Mon, 23 Apr 2018 10:43:24 -0500 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0 |
On 04/23/2018 10:24 AM, Franck Nijhof wrote:
> Hi there,
>
> Via this message, I am announcing the cease of operations on the servers:
> *.gnupg.pub.
>
> I have started this experiment some time ago and have enjoyed it pretty much
> and reached my goal; Getting my server in the pools most of the time, by
> getting the highest possible score (without HA).
>
> The time has also come to make some confessions. Those scores my server got,
> are not real. I have studied the code running the pools quite a bit and
> discovered quite a few flaws in it. Which I successfully exploited to get a
> higher ranking, resulting in my pretty low budget VPS to be in multiple pools
> almost all the time. I am not going to expose those flaws right here.
> Nevertheless, I do think it is pretty severe that this system is that easy to
> manipulate. Even worse; I did not even get into doing extreme things since
> that was not necessary at all.
>
> With all due respect, the code running the SKS pools and website are in a
> pretty sad state. In my humble opinion the code should be made public on a
> decent open source platform (e.g., GitHub), refactored and exposed as much as
> possible in order to gain feedback and improvements from other developers.
> While doing that, add some decent CI/CD as, including some static code
> analysis tooling.
>
> Don't worry; the data is not being exploited at all. Nor did peering with me
> had any effect on your services. That was never my intention of this little
> project.
>
> Thank you for learning me so much from GPG and the inner working of the SKS
> pools that are so important to the GnuPG community and its users.
>
> With kind regards,
>
> Franck Nijhof
The code is available at:
https://bitbucket.org/skskeyserver/sks-keyserver/overview
https://git.sumptuouscapital.com/?p=sks-keyservers-pool.git;a=summary
It'll be great to have your contributions to help improve the project.
Travis
signature.asc
Description: OpenPGP digital signature