This repository has been archived by the owner on Oct 19, 2022. It is now read-only.
Broken instructions for PGP signature verification #1500
Comments
|
Since this issue is already a month old and the solution seems very easy, is there any progress already? |
|
It is now April 2022 and the website still says to use the broken URL. For anyone looking for a workaround, try any "direct" PGP keyserver, for example, pgpkeys.eu |
tcitworld
added a commit
that referenced
this issue
Apr 18, 2022
sks-keyservers.net is dead Closes #1500
tcitworld
added a commit
that referenced
this issue
Apr 18, 2022
sks-keyservers.net is dead Closes #1500 Signed-off-by: Thomas Citharel <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
The download page suggests getting the Nextcloud PGP key using this command:
The SKS-Keyserver network is going down. https://sks-keyservers.net/ has the following statement (if you ignore the certificate warning):
And indeed,
ha.pool.sks-keyservers.netno longer resolves, breaking the signature verification instructions.What is the preferred alternative now?
key.openpgp.org? The key seems to be available there, but the identity is not verified.Of course is is also still available on https://nextcloud.com/nextcloud.asc.
However, I personally would prefer some standardized solution that is directly supported by
gpg. Aside fromkeys.openpgp.org, Web Key Directory (WKD) comes to mind. In a nutshell, WKD only requires hosting the key in a well-known location onnextcloud.com(see https://wiki.gnupg.org/WKD and https://wiki.gnupg.org/WKDHosting).In summary I'd like to suggest doing at least one (but preferably both) of the following:
keys.openpgp.orgAnd, of course, the signature verification instructions should be changed accordingly.
The text was updated successfully, but these errors were encountered: