[
https://issues.apache.org/jira/browse/WHIMSY-274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sebb resolved WHIMSY-274.
-------------------------
Resolution: Fixed
780438f [WHIMSY-274] Use keys.openpgp.org
> Switch to hkps://keys.openpgp.org for downloading keys
> ------------------------------------------------------
>
> Key: WHIMSY-274
> URL: https://issues.apache.org/jira/browse/WHIMSY-274
> Project: Whimsy
> Issue Type: Improvement
> Components: SecMail
> Reporter: Matt Sicker
> Assignee: Craig L Russell
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
> The SKS keyserver pool is now infected with some bad certificates which can
> cause a denial of service attack to gpg (and likely other similar tools). It
> sounds like it would be prudent to either disable downloading keys or switch
> to a safer keyserver for now.
> Ideally, users should be able to upload their own GPG keys, and that uploader
> could automatically filter out these types of malicious keys. This would be a
> separate feature, though, but now it seems more useful.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
