Re: [Sks-devel] Clustering (Was: New Keyservers and Dumps)
I've setup my cluster with separate filesystems, as I believe locks are created on the bdb so the sks instances would lock each other if they shared, otherwise i would have used nfs or gluster. Kind Regards, Mike On 24/08/18 10:36, Gabor Kiss wrote: > On Thu, 23 Aug 2018, Kristian Fiskerstrand wrote: > >> Are the servers clustered in any way? In my experience each site needs >> at least 3 nodes to ensure proper operation (mainly if A and B are >> gossipping C can still respond to requests, depending on the amount of >> traffic / speed of the node to return more is better) >> >> So clustered setup is more important than large number of individual >> servers, as there is no retry functionality in dirmngr. > A question: > Does an SKS cluster need multiple storage space, > or nodes can share the database? > > Cheers > > Gabor ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] seeking peers for sks.itq.de
On 26/07/18 15:41, Shengjing Zhu wrote: > On Thu, Jul 26, 2018 at 10:17 PM Matthias Wassermann > wrote: >> I have loaded a keydump from ftp://keyserver.mattrude.com/current, >> dated 2018-07-23. >> I see 5102357 keys loaded. > It's far behind the network, currently it's near 5244773. > 23rd was in the middle of a large injection of keys (22nd to 24th) just bad timing :) ps: I can't remember if I'm supposed to top or bottom post on this mail list... ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] history
I suspect the injection of keys triggers the berkley db auto-clean job, which wipes out the daily historic data (maybe). On 23/07/18 17:36, Michael Jones wrote: > > also, i can see there seems to be alot more keys the last 2 days; > > key count > On 23/07/18 17:33, Michael Jones wrote: >> >> Why do all of the sks keyservers that are in sync have only a history >> of 2 days? >> >> in sync >> >> >> vs: >> >> out of sync > ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] history
also, i can see there seems to be alot more keys the last 2 days; key count On 23/07/18 17:33, Michael Jones wrote: > > Why do all of the sks keyservers that are in sync have only a history > of 2 days? > > in sync > > > vs: > > out of sync ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] history
Why do all of the sks keyservers that are in sync have only a history of 2 days? in sync vs: out of sync ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] broken node
Hi, I was away on work, came back to one of nodes I host ran out of disk space. Users of the service would not have been effected as this node doesn't serve web traffic other than the default key stats page. And keys would have continued to sync via a backup node. Node is back in and fixed. (this is for the service at sks.mj2.uk) Kind Regards, Mike ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] disk full, keys.niif.hu crashed
some nodes have the db cleanup, some nodes have loggging; Graph of disk space There was definitely an injection of keys, will perform some clean up ops later. Kind Regards, Mike On 15/06/18 13:27, Paul M Furley wrote: > Glad I wasn't the only one :) keyserver.paulfurley.com also got > destroyed, rebuilt this morning. > > I've been getting a lot of traffic alerts from my host lately (>200MB > per hour), anyone know if there's a reason there's been a lot more > traffic lately? > > I haven't yet managed to investigate if it's peering traffic traffic > from the pool. > > Kind regards, > > Paul > > On 15/06/18 08:40, André Keller wrote: >> Hi, >> >> On 15.06.2018 05:54, Kiss Gabor (Bitman) wrote: >>> Yesterday at 18:15 (CEST) keys.niif.hu started to produce tons >>> of logs in /var/lib/sks/DB. In less than 2 hours the 40 GB filesystem >>> got fulfilled. >>> Deleting files and restarting processes did not help: >> keys.communityrack.org shares the same fate. Trying to get it online >> again... >> >> >> Regards >> >> André >> >> >> >> >> ___ >> Sks-devel mailing list >> Sks-devel@nongnu.org >> https://lists.nongnu.org/mailman/listinfo/sks-devel >> > > > ___ > Sks-devel mailing list > Sks-devel@nongnu.org > https://lists.nongnu.org/mailman/listinfo/sks-devel signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] SKS apocalypse mitigation
What if the approach was to either have a web of trust to whitelist users able to upload images, or even more stringent strip all image data. Is image data essential to operating? I hardly ever look at the images, and these images could be shared via other means. The keyservers would continue to operate with keys and revocation keys but no image data? >From memory the image can be removed from any key locally, so there is no reason that on submission it could not be removed. Doesn't solve all the issues, but would prevent malicious use of our servers in a direct manor. On 25 Mar 2018 8:12 p.m., "brent s."wrote: On 03/25/2018 07:39 AM, Andrew Gallagher wrote: > >> On 25 Mar 2018, at 03:37, Phil Pennock wrote: >> >> Disappearance of >> public keyservers would be a major inconvenience, but not a disaster. > > Considering that keyservers are currently the only resilient way to distribute key revocations, I’m not sure I would be so sanguine. If I’m hosting my key exclusively on WKD or some other web based service, it would be easy to prevent key revocations from being distributed. Granted, revocation is imperfect at the best of times. But SKS is the best tool we have at the moment, and the ecosystem would be severely damaged without it. > > A > I strongly and vehemently agree with both sides. On a more serious note (albeit somewhat off-topic), and admittedly much less deplorable a consideration - has the topic of copyrighted material being distributed in keys (notably in the image data) come up at any point? I suggest the same mechanism used in this approach should also be applicable to those instances as well. Under DMCA in the US, keyserver operators would be liable for this data (as we would be "distributing" it) and responsible for its removal for compliance. I presume many other countries have similar copyright laws/stipulations as well. (Ironically, many if not all of agents for intellectual property reclamation have PGP keys themselves on our servers, as one of the stipulations for a DMCA's validity per § 512(c)(3)(A) (found here[0]) is "A[n] ... electronic signature of a person authorized to act on behalf of the owner of an exclusive right that is allegedly infringed.") [0] https://www.law.cornell.edu/uscode/text/17/512 -- brent saner https://square-r00t.net/ GPG info: https://square-r00t.net/gpg-info ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] disk space
Time for an upgrade of disk space on my nodes, if anyone is interested in the usage over time, here's a 6month graph; zabbix, disk usage signature.asc Description: OpenPGP digital signature ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Something broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 19/11/16 15:20, Valentin Sundermann wrote: > Hey, > There seems to be some HSTS setup blocking access to http://keys.vsund.de:11371/pks/lookup?op=stats ? >>> Not HSTS but; > HSTS only prevents a "real" browser from viewing it. As of my > understanding, all other client implementations shouldn't have > problems with HSTS on the domain but HTTP traffic at port 11371. So > I'm sure it isn't a problem. > >>> 139752133074456:error:140770FC:SSL >>> routines:SSL23_GET_SERVER_HELLO:unknown >>> protocol:s23_clnt.c:794: >> >>> (proxy is sending https traffic to http) >> >>> ie no ssl offload. > I'm pretty sure that this is because of my ssl settings (I only > accept TLS 1.2 atm). But the clients shouldn't have problem with > this either, because they use the plain protocol at port 11371. > >> + a rewrite rule to https, (I hadn't visited the url before so >> HSTS wouldn't apply) > There is one at port 80 but not at 11371. If I understood it > correctly, the client implementations expect to have plain traffic > at port 11371. So having a rewrite there would confuse them, I > guess. > > Best regards, Valentin Sundermann I had another look as this was confusing me; turns out HSTS can be enabled without a header... https://hstspreload.appspot.com/?domain=vsund.de at some point or presently the tld had been parsed with preload; as such the domain has entered a hsts database used by common web browsers. Kind Regards, Mike -BEGIN PGP SIGNATURE- iQEcBAEBCAAGBQJYMJAmAAoJEOYwtpHNe8Fm+2YIAJV3w5uUOl1FoEUyvuA5HYZb tfgC+egBS1ePQViwENdCGPsvEfTEcJqvtHpNT3ZEeledx5HbFRqOb67mpK1jlkHV XIbfcwBKjSjzYslHqlTz6Uw9BZMnI028xxQi1D7eZp+aa3bCFVgoqEGFsyao4U0s 4F3r5QP5te+Vw9cWBnOiTxE3nrCgddr80KuMIBCwpzIMKI1Lg6/IRRCer0Bwh1ih EhoMP32OSKPKtAQQwdtn/DyOOr3aIwcrcCogtsTNE8jiJD1XxuDgqgT95zCBw9Tj Ln/RaKUz5n85ULCjPJyCz8l8H7u7HxULoKWEW8fDp3MxhbDjgvxUP16ps+dWhQI= =kkrl -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Something broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 19/11/16 04:16, Michael Jones wrote: > On 18/11/16 23:55, Kristian Fiskerstrand wrote: >> On 11/19/2016 12:43 AM, Valentin Sundermann wrote: >>>> Hi, >>>>>> Do you mind me asking how you got those charts on your >>>>>> page? Tried the Github files linked to at the bottom >>>>>> but they only appear to give me a different key search >>>>>> page. >>>> Oh, I could have known that this leads to confusion. I >>>> copied the HTML from the main page to get a consistent look. >>>> The GitHub link points to Matt Rude's repository for a >>>> pretty frontpage for a keyserver's search. >>>> >>>> I'm sorry to say, but the code that generates and displays >>>> the charts isn't anywhere available yet. The PHP behind it, >>>> is the most dirtiest bit of code I ever wrote... I planned to >>>> rewrite it in a tidier way and put it somewhere on Github but >>>> I couldn't find time yet. Probably I'll do in the next 1-2 >>>> weeks, but no promises here :) >> There seems to be some HSTS setup blocking access to >> http://keys.vsund.de:11371/pks/lookup?op=stats ? > > Not HSTS but; > > 139752133074456:error:140770FC:SSL > routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794: > > (proxy is sending https traffic to http) > > ie no ssl offload. > > Mike > + a rewrite rule to https, (I hadn't visited the url before so HSTS wouldn't apply) -BEGIN PGP SIGNATURE- iQEcBAEBCAAGBQJYL9LnAAoJEOYwtpHNe8Fm458IALG2zO+WfnQmCFbwXv7NBfdB I1aUPjLzzbmSupssMne2Ka2m6MCCI2GQXdvvGO9SbIys6hFi4fTJlVVWik1ydd8s /wq8h/zg+UBEXdaWP6KYGIKprVzrvNukq52HzS1J7LKal+FobDrgxyYiPVtFpqV+ U5lArx9SKuiVqCoMQIOrFWWkq9EV5ZqYyFbRJRKTokoJYiuRmkM1hy/55aCscl/6 D0I+kXcwix5+VP5CkcndZ+A2mdHchDxw4IyTG6Pc2Rf3rSOHq4oZCrW9sB7TTJ3q jld9rcNMDcMRBZpZc4U7X+a1q3clJPBTqT8I5ryubQjfcfuBJYstYeE7kyXsbGY= =fbi4 -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Something broken?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 18/11/16 23:55, Kristian Fiskerstrand wrote: > On 11/19/2016 12:43 AM, Valentin Sundermann wrote: >>> Hi, > Do you mind me asking how you got those charts on your > page? Tried the Github files linked to at the bottom but > they only appear to give me a different key search page. >>> Oh, I could have known that this leads to confusion. I copied >>> the HTML from the main page to get a consistent look. The >>> GitHub link points to Matt Rude's repository for a pretty >>> frontpage for a keyserver's search. >>> >>> I'm sorry to say, but the code that generates and displays the >>> charts isn't anywhere available yet. The PHP behind it, is the >>> most dirtiest bit of code I ever wrote... I planned to rewrite >>> it in a tidier way and put it somewhere on Github but I >>> couldn't find time yet. Probably I'll do in the next 1-2 >>> weeks, but no promises here :) > There seems to be some HSTS setup blocking access to > http://keys.vsund.de:11371/pks/lookup?op=stats ? Not HSTS but; 139752133074456:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:794: (proxy is sending https traffic to http) ie no ssl offload. Mike -BEGIN PGP SIGNATURE- iQEcBAEBCAAGBQJYL9IKAAoJEOYwtpHNe8FmcBIIAL7tdJ+PmGkVGJBLGo2DgimQ EqBdVCvzSN/boFwtM3HnqcTbsopmKY15i5Ob3jdXmnu13OJ1ofOp+TGFH7hmR0xb n2M8Db6rVrpwFDFEcZltG/j2eYklfOFgtMIlJXaACLG0S2ijHPf5Z99EHU6pMm0a q1s49LGJbVkXzx5PNBp2ldjWihhl6P50cxXVs7HrLKBneUhvF4bAAGYmV7yy/Umh vzdEy3WnzJgDzgR53bxzs54lGd9ihvxYI76fzVxi0w7qatIxcOGVHn6j/W8iU2XN 5RmJCV/T15DQArb60ay7ea0kALkcv8jO/U9/t1oRU35hykCuT+n2VDu1ZcSdTKM= =fsQl -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] pool membership
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 03/10/16 21:44, Valentin Sundermann wrote: >> However, my key server, >>> keyserver.brian.minton.name, does not appear in the pool status >>> page. Not even in the "Servers currently not in the pool" >>> section. I thought it would automatically show up. Any >>> thoughts? > Your keyserver is on the exclusion list at Kristian's scanner[1]. > I think when somebody uploaded the cloned strong set to the > keyserver network[2], it was your server which got hit with it. > These issues should be over and so I guess Kristian will remove you > from this list when he reads it. > > Best regards, Valentin Interesting, Would it be of any value to introduce rate limiting on my set? maybe limit an ip after 100 new keys in 30 mins? (Lots of southern europe isp's nat through a single ip), so whatever the trigger limit it would have to be a high one. Once the initial trigger is hit it would be able to either slow down or disable uploading of keys from that ip for said time period. Even coming over tor or another distributed network to spam the service would cause a headache? Is there any value in looking into this? Or perhaps this would be more appropriate as a possible future feature of the sks keyserver source? Whatever the solution would need to be easily implemented on all peers. Just some thoughts... Kind Regards, Mike -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX8siVAAoJEOYwtpHNe8FmrQAH/iE0rsKLztModP7rnBd07C3e PTppzo+WHRskyPrJ8AzAYeG9xvX4rQibYsjjX9+KHbZDx5D1p/q45icYivEnoxSy Y3AaM5BfPI5Cw+MHwVgEhd13NvwQojRyjqp1XGOb4+Nu+dlf38ejuyLxK0/fDTkX wgmbER7ItPVABZJPA7FgXH+sfJZyjl0U47BiaJ4pUMyUzXVUpHC7NkH3due84Ip8 QWmisJ15h2rKjSwQpLaB2QUlgwFcV3bywRcR4+K7MMC/sdmk2ugC4JFbxcq9qOjO Qu8i/xRo4qRjok4EnbS5O188bUznccmTIwY6mNH70zOUHQv1BVm/eOjCvq8MDbY= =ZV6l -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] service interuptions
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, I run sks.mj2.uk. I've introduced a few things in haproxy including master node auto failover (failover master node will recon with the master node until the master node falls down, then the failover node will recon with normal peers). I need to run a couple of tests that may cause service interruptions (take down the master node). Will post a blog entry with the latest config upon completion. Kind Regards, Mike -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX5sbLAAoJEOYwtpHNe8FmdFgH/iyxc0V/fjY+ucponxEp5TSn rkun1Ri/KHJvTYLRXw9aUzDy09Og9zxQXuSguLb6JjuYQdYffFOiR8TnXaJv2gip 6mKetU7HMZ5W9MMM6a5A4FI8tyL4up7Ub5PGrP8m5Y3mVCeYMqNnQ155TGgf+mE5 /ivdbeFV/jzdujkIp67Au8TKlTG0Lfd2FGBGf0mbRqejRCeU5PPtLNjrMz9uePJm B1cKkOU/HBct0vaVqaWrfe+B8LHF2OwpoORcUItWgVndbbk2EVbsoZPqSzie8cnp ug+JYHwcuMZ4k0+1It+u1wgAGxDodN+1UJYh6WnyoWiC7liDMW5Gkg9/U8djn0M= =s7qq -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Making keys unusable with spamming similar uids
On 14/09/16 15:27, Valentin Sundermann wrote: > Hey sks-devel, > > when searching for common terms (i.e. "test") on a keyserver, I > hit a limit of matches sometimes. > > Assumed that I'd be a bad person, I should be able to make a > choosen key unusable by creating and uploading keys with similar > name, email address and so on. If somebody searches for that email > address, he should hit the limit and cannot get the key. (And > yeah, it's still possible to get the key with the exact fingerprint > but I guess it's inconvenient for "normal people".) > > Do I miss something or is it actually possible to make keys > unusable with such an approach? as per evil32's demo of 32bit key dupes it's possible to flood these, but it costs cpu, and even so you can search the keyid-format long value . eg; 0x1992274E129BAF74 > > If it should be possible: I think something like a pagination > should solve it on a simple level (although the user has to scroll > through the pages and identify the right key). And another thing > would be how client implementation would treat pagination... pagination is an interesting idea, and even more so key ordering which is currently ordered by key creation date... changing the search results order would be hard and have politics... as search results order can't be easily changed, pagination does not solve the issue (valid keys will be at the bottom of the pile). the issue being a topic that comes up often enough, what to do with spam... Kind Regards, Mike ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
[Sks-devel] sks 1.1.6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Introduced my first 1.1.6 node. CentOS7 Hostname: sks.mj2.uk Nodename: node3.sks.mj2.uk Version:1.1.6 Will review in a few days. Kind Regards, Mike -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJX2eAMAAoJEOYwtpHNe8FmnecIAJSFamXE5W4ph8nIAsmSmN3j LbEkmJkBm/QSKeGRHiy7BRJL7ZKhNlR0tsY3ztHho7Bi2BKcBmqtUjwpMxxFSqiF uv5NC9yNN9/Hy+8nsRAZY8LMsjN/YAHHdAqiOBL2xICJ1DmHCQTNzkLlw+jA3CEf 8XHFX1oiEvcpig9at8iG3J/HNrJeIrQn6wbV/ki+M1WIA2LVXbmLIbYhO1LqDZdp anxRcgJqsL4fOnO+BzdBwWmXISmo0AGEN5TysMEpr9yPaFb7fcx+h+pX/IL6fLeJ Fh3quz43k5tTowapbdmzgdOKsIqW8pvQoJ+nlrdS0acImk9H636LyBGlPcVJrYk= =TNtm -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] Need a lot of hand holding (sorry)
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 21/08/16 15:09, Danny Horne wrote: > If you mean the dump I checked on both occasions and all was well. > Going to strip everything out and use /var/whatever as the base > directory (every howto I've seen says use that directory), just > worried that space might be at a premium on that directory Sounds like a setting error in sks config regarding path or ownership. check the script, the error comes from a function called "fail", which is called only when any of the /usr/bin/sks commands fail. I'd suggest debugging the bash script to see what you are actually running... (use the debug flag when calling the script). This will show any paths used from config... ps, if you really wanted to switch the dir you execute the script in, whilst using the disk space of another path, you can mount bind (but as this is not the solution I don't recommend). Kind Regards, Mike -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXubwBAAoJEOYwtpHNe8FmIGIIAL0gu3Le2XvsjzjYLb+A09Od gO0W8ahjmDEp+fYZapTBhpaTHIRNrktS5g9hnRcLbip8sK9UGm4AS4RnmkNWqnat ddwC0kZzJQxgHPv5x60tsaV1cZBn/QeYlATf59rVpH95V8KeobmNOxITPkx5AF9f EncJmBcnJfG9nb0Fuw5ICWPOUSxamOwbINLnats9Jyb/HRd67sBZl0UeoSTw9Pei 0vKx1ePPjDIhbZb7A1P/bnfAbof8M2ipOZlapSdbN87VZRjBgUdBBM2RbLPtK+X4 TCpuVOaXEEtyVGqnUo+CgE4CjwEoSSqjEkVeoIvRQBG4c/FIuMxcwZ09cGcW3YA= =ZYCl -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel
Re: [Sks-devel] peers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Hi, anyone willing to peer in Eu (Server in france). Kind Regards, Mike -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJWQUiRAAoJEOYwtpHNe8FmY38H/R0u+zAwnefNi9OsjJE2JEnp LBPlZAyo1CyADk67PvmAUBXfD2fgfp/+DOnlDwbZ+4KPx1cXwcQRZjAME4uWxr2j 1cV9pIdeV22BByekKw2C3vT9+UFRkbeT+cU1WnzPpLzcQaMAhGwhUGuXkN9WxbTI njW7GUmI5V9yvF/kl7xHl6jTMGmPwW93sCioUR7iX+N6Ir9zf2PRzfTNhi9n7jcq OxFAEC+kJxTS7GLZtrtuMHRmD4T16567tAlz+AvSouqEJK4yiZgMiezew7G8HvNW 4vLGt7r/y5XHhwrhGycgP13i0HiGarbH1fN21t3F2OMsRopwOPjc3/FJkOT0fpw= =8+7I -END PGP SIGNATURE- ___ Sks-devel mailing list Sks-devel@nongnu.org https://lists.nongnu.org/mailman/listinfo/sks-devel