tickets #48203

https://keyserver.opensuse.org/ delivers download.opensuse.org

Added by gunnersson 12 months ago. Updated 11 months ago.

Status:ResolvedStart date:
Priority:NormalDue date:
Assignee:TBro% Done:

100%

Category:servers hosted in NBG
Target version:-
Duration:

Description

Dear all!

Currently --- 2019-02-21 14:10 CET ---

https://keyserver.opensuse.org/

delivers

download.opensuse.org ("openSUSE download server")

haven't checked by myself so far, if

ISP error (mine, maybe yours)

DNS error (mine or yours)

server error (yours)

Thank you,

Gunner Gewiß

History

#1 Updated by pjessen 12 months ago

  • Private changed from Yes to No

Thorsten took down keyserver.o.o due to privacy concerns - we should probably just remove the DNS entry.

#2 Updated by cboltz 12 months ago

  • Category set to servers hosted in NBG
  • Assignee set to TBro

That, or display a "service discontinued" page on keyserver.o.o. (IIRC we already have such a page, so adjusting haproxy should be enough.)

Thorsten, your decision ;-)

#3 Updated by gunnersson 12 months ago

Thank you, guys, for your reply and awareness! (comprehensible in most way)

But, just a "stupid" question  --- though it's probably not the right
place here to really discuss that broadly:

Despite of all that stuff like "e-mail vs instant-messenger",
"privacy-aware vs anything-else"... I (personally) have the feeling that
PGP in general is somehow dying. When I run an
openSUSE system I can PGP check every repository or package derived from
some master one --- but how do I check the master? There is the SKS
infrastructure for PGP/GnuPG key-servers, and openSUSE (so far) listed
there, and there are cross connections (peering servers) available...
But what about redundancy and federal autarchy if more and more servers
going off?

Thank you and keep goin'

Gunner

Am 22.02.19 um 23:40 schrieb admin@opensuse.org:

[openSUSE Tracker]

Issue #48203 has been updated by cboltz.


Category set to servers hosted in NBG

Assignee set to TBro


That, or display a "service discontinued" page on keyserver.o.o. (IIRC we already have such a page, so adjusting haproxy should be enough.)


Thorsten, your decision ;-)




tickets #48203: https://keyserver.opensuse.org/ delivers download.opensuse.org
https://progress.opensuse.org/issues/48203#change-192119


  • Author: gunnersson
  • Status: New
  • Priority: Normal
  • Assignee: TBro
  • Category: servers hosted in NBG

* Target version:


Dear all!


Currently --- 2019-02-21 14:10 CET ---


https://keyserver.opensuse.org/


delivers


download.opensuse.org ("openSUSE download server")


haven't checked by myself so far, if


ISP error (mine, maybe yours)


DNS error (mine or yours)


server error (yours)


Thank you,


Gunner Gewiß

#4 Updated by TBro 11 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Thanks for the hint, we moved now keyserver to our deprecated services side, that users are informed.

Yes this is a very sad story, that the keyserver software is old and unmaintained and slowly dying and somehow there needs to be a solution for this. I saw some promising projects for newer and shinier SKS-replacements but this is WiP ... let's see what the future brings.

For the distribution, I guess we will provide on software.o.o or some side like this via HTTPS and with HSTS enabled our GPG PubKeys which than should be than secure enough, given that you download the software from us as well via https and trust in this transport security. But yes, these are things which need a talk...

Best regards,
Thorsten

Also available in: Atom PDF