Skip to content

doc: Suggest keys.openpgp.org as keyserver in SECURITY.md #23466

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
real-or-random wants to merge 1 commit into from
Closed

doc: Suggest keys.openpgp.org as keyserver in SECURITY.md #23466

real-or-random wants to merge 1 commit into from

Conversation

@real-or-random
Copy link
Contributor

@real-or-random real-or-random commented Nov 8, 2021

--recv-keys without a --keyserver arg simply failed for me on a fresh Arch Linux installation, so I think it's a good idea to suggest a keyserver. OpenPGP ecosystem is broken in a number of ways, so the right way to approach this issue has some potential for bikeshedding. But the only thing that this PR does is to keep SECURITY.md in line with the instructions for builder keys, where there was agreement on switching to keys.openpgp.org (#22688).

@real-or-random
Copy link
Contributor Author

real-or-random commented Nov 8, 2021

A related issue is that I couldn't find an unexpired version of @sipa's key, neither on keys.openpgp.org (which does not sync with other servers) nor somewhere else.

@maflcko
Copy link
Member

maflcko commented Nov 8, 2021

review ACK 90f1f84

@maflcko
Copy link
Member

maflcko commented Nov 8, 2021

Wouldn't it make sense to update https://bitcoincore.org/en/contact/ as well, assuming that keyserver.ubuntu.com is non-functioning?

@DrahtBot DrahtBot added the Docs label Nov 8, 2021
@real-or-random
Copy link
Contributor Author

real-or-random commented Nov 8, 2021

Wouldn't it make sense to update bitcoincore.org/en/contact as well, assuming that keyserver.ubuntu.com is non-functioning?

keyserver.ubuntu.com is functioning but I think we should just keep the keyserver consistent everywhere.

@maflcko
Copy link
Member

maflcko commented Nov 8, 2021

I think they don't accept any key updates, do they?

@laanwj
Copy link
Member

laanwj commented Nov 8, 2021
edited
Loading

Review ACK 90f1f84

keyserver.ubuntu.com is functioning but I think we should just keep the keyserver consistent everywhere.

I agree. Ideally we would not have to suggest any keyserver. It's frustrating enough to have to play keyserver ping-pong every time when yet another part of PGP infrastructure goes down, but it seems keys.openpgp.org works for now so let's use it consistently.

BTW instead of adding it in the command line every time you could also add

keyserver hkps://keys.openpgp.org

in ~/.gnupg/gpg.conf

hebasto
hebasto approved these changes Nov 8, 2021
View reviewed changes
Copy link
Member

@hebasto hebasto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 90f1f84, agree with arguments above.

@bitcoin bitcoin deleted a comment Nov 8, 2021
Zero-1729
Zero-1729 reviewed Nov 8, 2021
View reviewed changes
Copy link
Contributor

@Zero-1729 Zero-1729 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK 90f1f84

Makes sense to keep the keyservers consistent.

real-or-random added a commit to real-or-random/secp256k1 that referenced this pull request Nov 8, 2021
@real-or-random
doc: Suggest keys.openpgp.org as keyserver in SECURITY.md
85180b8 
This is in line with bitcoin/bitcoin#23466 .
@real-or-random real-or-random mentioned this pull request Nov 8, 2021
Merged
real-or-random added a commit to real-or-random/secp256k1 that referenced this pull request Nov 8, 2021
@real-or-random
doc: Suggest keys.openpgp.org as keyserver in SECURITY.md
3b157c4 
This is in line with bitcoin/bitcoin#23466 .
fanquake added a commit to bitcoin-core/gui that referenced this pull request Nov 8, 2021
@fanquake
Merge bitcoin/bitcoin#23466: doc: Suggest keys.openpgp.org as keyse…
c702d1f 
…rver in SECURITY.md

90f1f84 doc: Suggest `keys.openpgp.org` as keyserver in SECURITY.md (Tim Ruffing)

Pull request description:

  `--recv-keys` without a `--keyserver` arg simply failed for me on a fresh Arch Linux installation, so I think it's a good idea to suggest a keyserver. OpenPGP ecosystem is broken in a number of ways, so the right way to approach this issue has some potential for bikeshedding. But the only thing that this PR does is to keep `SECURITY.md` in line with the instructions for builder keys, where there was agreement on switching to `keys.openpgp.org` (#22688).

ACKs for top commit:
  MarcoFalke:
    review ACK 90f1f84
  laanwj:
    Review ACK 90f1f84
  hebasto:
    ACK 90f1f84, agree with arguments above.
  Zero-1729:
    ACK 90f1f84

Tree-SHA512: 1ab20c837cd952aa32b57473772cbfd33411a08db6e88b951bce38f76a3c509c0e91d6944ec0ca5eac8d5eb4d98a5489276d55691328f2e2556b2640f8e7c108
@fanquake
Copy link
Member

fanquake commented Nov 8, 2021

This has been merged.

@fanquake fanquake closed this Nov 8, 2021
real-or-random added a commit to bitcoin-core/secp256k1 that referenced this pull request Nov 9, 2021
@real-or-random
Merge #1007: doc: Replace apoelstra's GPG key by jonasnick's GPG key
c74a7b7 
3b157c4 doc: Suggest keys.openpgp.org as keyserver in SECURITY.md (Tim Ruffing)
73a7472 doc: Replace apoelstra's GPG key by jonasnick's GPG key (Tim Ruffing)

Pull request description:

  I have verified the new key via other secure channels.

  This closes #1003 .

  We can skip the second commit but I expect bitcoin/bitcoin#23466 to be merged. If it won't be merged, we could still revert.

ACKs for top commit:
  sipa:
    ACK 3b157c4. I've also verified the key out of band.
  jonasnick:
    ACK 3b157c4

Tree-SHA512: 496f98121f14031bc693aa83bf208b253f79b700b4bca0b629deadc8852f76ef6d69ad90109baa771d7b9f6e4b983e4ed8dca404cf5aceffe9d520d3362b533a
real-or-random added a commit to real-or-random/bitcoincore.org that referenced this pull request Nov 9, 2021
@real-or-random
Suggest keys.openpgp.org as keyserver
d1492b6 
See bitcoin/bitcoin#23466
@real-or-random real-or-random mentioned this pull request Nov 9, 2021
Merged
sidhujag pushed a commit to syscoin/syscoin that referenced this pull request Nov 9, 2021
@fanquake
Merge bitcoin#23466: doc: Suggest keys.openpgp.org as keyserver in …
cf315e0 
…SECURITY.md

90f1f84 doc: Suggest `keys.openpgp.org` as keyserver in SECURITY.md (Tim Ruffing)

Pull request description:

  `--recv-keys` without a `--keyserver` arg simply failed for me on a fresh Arch Linux installation, so I think it's a good idea to suggest a keyserver. OpenPGP ecosystem is broken in a number of ways, so the right way to approach this issue has some potential for bikeshedding. But the only thing that this PR does is to keep `SECURITY.md` in line with the instructions for builder keys, where there was agreement on switching to `keys.openpgp.org` (bitcoin#22688).

ACKs for top commit:
  MarcoFalke:
    review ACK 90f1f84
  laanwj:
    Review ACK 90f1f84
  hebasto:
    ACK 90f1f84, agree with arguments above.
  Zero-1729:
    ACK 90f1f84

Tree-SHA512: 1ab20c837cd952aa32b57473772cbfd33411a08db6e88b951bce38f76a3c509c0e91d6944ec0ca5eac8d5eb4d98a5489276d55691328f2e2556b2640f8e7c108
harding added a commit to bitcoin-core/bitcoincore.org that referenced this pull request Nov 9, 2021
@harding
Merge #821: Suggest keys.openpgp.org as keyserver
e090689 
d1492b6 Suggest `keys.openpgp.org` as keyserver (Tim Ruffing)

Pull request description:

  See bitcoin/bitcoin#23466

ACKs for top commit:
  Zero-1729:
    ACK d1492b6

Tree-SHA512: c40201aad0bd49ada9dc2dbded6f8f75944f6951e5ea71068cf4e3a175ce1778869b8acd99c39c69312f023878979366cdf7653d22babc0f5c7c3d7d0c265672
PastaPastaPasta pushed a commit to PastaPastaPasta/dash that referenced this pull request Apr 3, 2022
@fanquake @PastaPastaPasta
Merge bitcoin#23466: doc: Suggest keys.openpgp.org as keyserver in …
8bcfec2 
…SECURITY.md

90f1f84 doc: Suggest `keys.openpgp.org` as keyserver in SECURITY.md (Tim Ruffing)

Pull request description:

  `--recv-keys` without a `--keyserver` arg simply failed for me on a fresh Arch Linux installation, so I think it's a good idea to suggest a keyserver. OpenPGP ecosystem is broken in a number of ways, so the right way to approach this issue has some potential for bikeshedding. But the only thing that this PR does is to keep `SECURITY.md` in line with the instructions for builder keys, where there was agreement on switching to `keys.openpgp.org` (bitcoin#22688).

ACKs for top commit:
  MarcoFalke:
    review ACK 90f1f84
  laanwj:
    Review ACK 90f1f84
  hebasto:
    ACK 90f1f84, agree with arguments above.
  Zero-1729:
    ACK 90f1f84

Tree-SHA512: 1ab20c837cd952aa32b57473772cbfd33411a08db6e88b951bce38f76a3c509c0e91d6944ec0ca5eac8d5eb4d98a5489276d55691328f2e2556b2640f8e7c108
@bitcoin bitcoin locked and limited conversation to collaborators Nov 8, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@hebasto hebasto hebasto approved these changes

+1 more reviewer

@Zero-1729 Zero-1729 Zero-1729 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

Docs

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@real-or-random @maflcko @laanwj @fanquake @Zero-1729 @hebasto @DrahtBot