Use keys.openpgp.org instead of pgp.mit.edu (#11249) - gitea.git - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD: https://github.com/go-gitea/gitea

diff options

author	zeripath <art27@cantab.net>	2020-04-30 10:08:43 +0100
committer	GitHub <noreply@github.com>	2020-04-30 12:08:43 +0300
commit	1853131d42dd69ddb062946373fb4d2230992ab1 (patch)
tree	fb11efb3b8389f05791d6114faac684f089357d8 /Makefile
parent	a2683e5ddb65c4fb4455872cbf377b59dba14f86 (diff)
download	gitea-1853131d42dd69ddb062946373fb4d2230992ab1.tar.gz gitea-1853131d42dd69ddb062946373fb4d2230992ab1.zip

Use keys.openpgp.org instead of pgp.mit.edu (#11249)

The SKS Keyserver network has been under attack with poisoned certificates since at least 2019. Downloading a poisoned certificate has the awful side-effect of completely breaking your keyring and most software has now moved off the network and uses the keys.openpgp.org which has a different protocol instead - in fact one whereby emails are verified. For more details regarding the attack see: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f See: https://keys.openpgp.org/about and https://keys.openpgp.org/about/faq Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

Diffstat (limited to 'Makefile')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: