Web lists-archives.com

Re: Convenient access to Debian keyrings




On Sun, Apr 02, 2017 at 11:29:22AM +0800, Paul Wise wrote:
> On Sun, Apr 2, 2017 at 7:06 AM, gregor herrmann wrote:
> 
> > % crontab -l | grep debian-keyring
> > 30 17 * * * /usr/bin/rsync -rlptDq "keyring.debian.org::keyrings/keyrings/*.gpg" /home/gregoa/.gnupg/debian-keyring
> 
> The rsync protocol is unencrypted, I'd suggest switching this to SSH
> (one colon instead of two). You could also use rsync over TLS on port
> 1873 (uses the same cert as via http). I couldn't easily work out how
> to do it with stunnel but the following works with socat. I thought
> there was also a way to verify the keyring when it was at rest but
> can't find where I saw that.

If you do an rsync of keyring.debian.org::keyrings (no second keyrings/)
you get a sha512sums.txt file as well which will be signed by one of
keyring-maint.

J.

-- 
   Give me liberty or I will cut   |  .''`.  Debian GNU/Linux Developer
               you.                | : :' :  Happy to accept PGP signed
                                   | `. `'   or encrypted mail - RSA
                                   |   `-    key on the keyservers.

Attachment: signature.asc
Description: Digital signature