On Wed 2020-01-15 21:40:38 +0000, Jonathan McDowell wrote: > Y'all are welcome to (and tell prospective contributors to) send keys to > the.earth.li, which is not SKS and still accepts third party > certifications. It does some limited signature verification which I'm > generally working to improve when time allows, but I think it's a > half-way house between what we current have (trust a failing keyserver > network to have the data) and what's being proposed (implement a very > specific service to suit our needs for retrieving 3rd party certs).
It looks to me like the only thing nm needs the keyserver for is a placeholder for keys until they land in the debian keyring (or the debian-maintainer keyring), at which point we can rely on keyring.debian.org. right? if the applicant is expected to submit this key somehow, it seems simpler to me to have them just submit it to nm directly with the rest of the application (e.g. "here are 9 questions, one of them needs you to paste your OpenPGP certificate") than to say "here are 8 questions; for the 9th question, send your OpenPGP certificate to service X, and then paste the fingerprint of the certificate here, and we'll reassemble it from service X later". --dkg
signature.asc
Description: PGP signature