]> source.dussan.org Git - rspamd.git/commit
projects / rspamd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 34bb346) | patch
Switch PGP keyserver to hkps://keys.openpgp.org 3810/head
authorJoel Ray Holveck <piquan@gmail.com>
Wed, 30 Jun 2021 08:51:00 +0000 (01:51 -0700)
committerJoel Ray Holveck <joelh@piquan.org>
Wed, 30 Jun 2021 09:24:58 +0000 (02:24 -0700)
commitfaeb2e095a062f67dc172f3e563f4a8c4f6a6459
tree13c1c74c04d736130d253406c954f8cf56853ec3tree | snapshot
parent34bb346628f3fe3da1ab35700d238e29345a510acommit | diff
Switch PGP keyserver to hkps://keys.openpgp.org

The SKS keyserver infrastructure has been under attack for some time, and at the moment is unreachable.  The keys.openpgp.org keyserver has the rspamd key, and is resistant to the sort of attack that is hurting the SKS keyservers.  This change switches to that keyserver.

gpg won't load new keys from keys.openpgp.org unless the owner consented to publish the uids (see https://keys.openpgp.org/about/faq#older-gnupg).  This means you need the key imported first with the uid attached.  Here, we include the essential part of the key (the master key, uid, and its self-signature) in the Dockerfile.  We still poll keys.openpgp.org for updates, such as expiration extensions and revocations.

See https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f for background.
docker/Dockerfile diff | blob | history
Rapid spam filtering system: https://github.com/rspamd/rspamd