On Sat, Feb 08, 2020 at 08:58:11PM +0100, Björn Persson wrote: > Stephen John Smoogen wrote: > > We plan to turn off and decommission > > keys.fedoraproject.org on 2020-02-10. > > FAS contains PGP key IDs, which are displayed as links to > keys.fedoraproject.org. Is there a plan to look up keys through some > other key server instead? Not for fas most likely, but the replacement we are working on could definitely handle this better. RFE's at: https://github.com/fedora-infra/securitas > It says that these key IDs are used for password resets, so just > dropping that would be a decrease in security. well, they are already pretty bad because fas just stores the short version, which has been subject to duplicates for... years now? Not sure what best to do here. I fear gpg is pretty much a failure these days and we need something better, but I am not sure what that is. kevin
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
