Your message dated Tue, 03 Jan 2017 03:10:42 -0500
with message-id <[email protected]>
and subject line Re: [pkg-gnupg-maint] Bug#784286: dirmngr keyserver should
default to hkps://hkps.pool.sks-keyservers.net
has caused the Debian Bug report #784286,
regarding dirmngr keyserver should default to
hkps://hkps.pool.sks-keyservers.net
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
784286: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784286
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: dirmngr
Version: 2.1.3-1
Severity: wishlist
We now have a robust hkps keyserver pool, as detailed at
https://sks-keyservers.net. This provides transport-layer encryption
to the pool of keyserver operators.
This doesn't solve all available problems:
* It doesn't prevent information leakage to the keyserver operators
themselves.
* it doesn't protect users from malicious keyserver operators who
want to deny updates
* it doesn't protect users from traffic analysis by the network
operator (there's no padding in TLS yet)
However, it does mean that by default, keyserver queries aren't
visible in the clear to anyone on the network, and that the traffic
can't be tampered with by anyone on the network path.
We need to think a little bit about how we'll manage the certificate
authority (see "HKPS pool verification" at
https://sks-keyservers.net/verify_tls.php), but i think that is likely
to be manageable.
--dkg
-- System Information:
Debian Release: 8.0
APT prefers stable
APT policy: (500, 'stable'), (200, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages dirmngr depends on:
ii adduser 3.113+nmu3
ii libassuan0 2.2.0-1
ii libc6 2.19-18
ii libgcrypt20 1.6.3-2
ii libgnutls-deb0-28 3.3.8-6
ii libgpg-error0 1.19-1
ii libksba8 1.3.2-1
ii libldap-2.4-2 2.4.40+dfsg-1
ii libnpth0 1.0-1
ii lsb-base 4.1+Debian13+nmu1
dirmngr recommends no packages.
dirmngr suggests no packages.
-- debconf-show failed
--- End Message ---
--- Begin Message ---
Version: 2.1.16-1
On Sun 2017-01-01 04:13:11 -0500, intrigeri wrote:
> that's fixed in 2.1.16, right?
>
> The upstream changelog reads:
>
> 2016-11-17 Daniel Kahn Gillmor <[email protected]>
>
> dirmngr: Use a default keyserver if none is explicitly set.
Yes, that's right. This message should close #784286.
--dkg
--- End Message ---
