Gnupg2 changes from upstream

I thought I’d pass along a note from the GNU Privacy Guard (gnupg2) maintainer;

Upstream GnuPG now defaults to not accepting third-party certifications
from the keyserver network. Given that the SKS keyserver network is
under attack via certificate flooding, and third-party certifications
will not be accepted anyway, we now ship with the more tightly-constrained
and abuse-resistant system hkps://keys.openpgp.org as the default
keyserver.

Users with bandwidth to spare who want to try their luck with the SKS
pool should add the following line to ~/.gnupg/dirmngr.conf to revert to
upstream’s default keyserver:

  keyserver hkps://hkps.pool.sks-keyservers.net

See the 2.2.17 section in the upstream NEWS file at
/usr/share/doc/gnupg/NEWS.gz for more information about fully
reverting to the old, risky behavior.

– Daniel Kahn Gillmor dkg@fifthhorseman.net Thu, 11 Jul 2019 22:12:07 -0400

4 Likes