On Wed 2020-01-15 21:40:38 +0000, Jonathan McDowell wrote:
> Y'all are welcome to (and tell prospective contributors to) send keys to
> the.earth.li, which is not SKS and still accepts third party
> certifications. It does some limited signature verification which I'm
> generally working to improve when time allows, but I think it's a
> half-way house between what we currently have (trust a failing keyserver
> network to have the data) and what's being proposed (implement a very
> specific service to suit our needs for retrieving 3rd party certs).

It looks to me like the only thing nm needs the keyserver for is a
placeholder for keys until they land in the debian keyring (or the
debian-maintainer keyring), at which point we can rely on
keyring.debian.org.

right?

if the applicant is expected to submit this key somehow, it seems
simpler to me to have them just submit it to nm directly with the rest
of the application (e.g. "here are 9 questions, one of them needs you to
paste your OpenPGP certificate") than to say "here are 8 questions; for
the 9th question, send your OpenPGP certificate to service X, and then
paste the fingerprint of the certificate here, and we'll reassemble it
from service X later".

     --dkg
