On 07/26/2018 06:14 PM, Ralf Mardorf wrote: > On Thu, 26 Jul 2018 23:45:32 +0200, Peter Nabbefeld wrote: >> Thank You Morten! But I still have problems: From the wiki I >> understand, I should set "keyserver-options auto-key-retrieve" in >> ~/.gnupg/gpg.conf, which is set. IIUC, this should automate the magic >> to fetch the PGP key. But building still fails. With aura, I've the >> option to acceppt the package anyway, but I'd prefer to know the >> correct way. > > I can't comment on the Wiki, since I didn't read it. Note, > auto-key-retrieve means that any software automatically will > retrieve new keys from the default keyserver. An excerpt from the gpg > mangape, that belongs to auto-key-retrieve: > > $ man gpg | grep '\"web bug\" l' -A1 > Note that this option makes a "web bug" like behavior > possible. Keyserver or Web Key Directory operators can see which keys > you request, so by sending you a message signed by a brand new key > (which you naturally will not have on your local keyring), the operator > can tell both your IP address and the time when you verified the > signature. > > I'm using an alias to manually add new keys: > > $ grep gkey= .bashrc > alias gkey='gpg --keyserver hkp://pgp.uni-mainz.de --recv-keys' What does the "web bug" have to do with this discussion? -- Eli Schwartz Bug Wrangler and Trusted User
Attachment:
signature.asc
Description: OpenPGP digital signature
