[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Finding a “good” OpenPGP key server
From: |
zimoun |
Subject: |
Re: Finding a “good” OpenPGP key server |
Date: |
Tue, 31 May 2022 19:44:33 +0200 |
Hi,
On mar., 31 mai 2022 at 08:09, Vagrant Cascadian <vagrant@debian.org> wrote:
> Or keep some keyrings in a git repo, if we want to keep the keys
> somewhat restricted to committers... a major problem of the public
> keyserver network is/was the ability for anyone to update or add any key
> for anybody.
>
> We've already got the keyring branch in guix.git, maybe adding an
> upstream-keys branch wouldn't be madness? Or a separate git
> repository. And then you could get it archived at software heritage or
> archive.org or whatever trivially.
I have not closely followed all the thread. Just to mention that the
upstream-keys branch or separate Git repository using Software Heritage
or archive.org as backup require some tests for complete robustness.
I have in mind some examples where it is not “trivial” to get back from
SWH; because their cooking vault is slow, because the repo is big or
complex, etc.
That’s said, I agree that Git seems the easiest for preserving keyrings.
Cheers,
simon