add gregf, use safe keyserver

author Ian Kelling <iank@fsf.org>

Tue, 9 Jul 2019 14:34:05 +0000 (10:34 -0400)

committer Ian Kelling <iank@fsf.org>

Tue, 9 Jul 2019 14:34:05 +0000 (10:34 -0400)
author Ian Kelling <iank@fsf.org>
Tue, 9 Jul 2019 14:34:05 +0000 (10:34 -0400)
committer Ian Kelling <iank@fsf.org>
Tue, 9 Jul 2019 14:34:05 +0000 (10:34 -0400)
diff --git a/fsf-keyring.gpg b/fsf-keyring.gpg

index 26f961b766a271d1a78fb22454ea1bb32fcf28e7..6f092368efcf824004f497c72167ae2f228bce53 100644 (file)

Binary files a/fsf-keyring.gpg and b/fsf-keyring.gpg differ
diff --git a/fsf-keyring.sh b/fsf-keyring.sh

index 170d26bd01a632ac0a8cb9f33dbbcbb994cdd696..d11a8fec3a38a2b9343bc5406e11216c4aba954a 100755 (executable)
--- a/fsf-keyring.sh
+++ b/fsf-keyring.sh
@@ -8,7 +8,9 @@ refresh-gpg-key() {
    key=$1
  
    error=999
-  for keyserver in pool.sks-keyservers.net keyring.debian.org keys.gnupg.net; do
+  # This is the only safe keyserver we know of as of 2019-06-09,
+  # https://lwn.net/Articles/792366/
+  for keyserver in keys.openpgp.org; do
      set +e
      cmd="gpg --keyserver $keyserver --recv-keys $key"
      # keyservers are not very reliable, so retry
@@ -47,6 +49,8 @@ KEYS+="A2F4F1966D9E35C673EC30D5B6F1D83E9ACD9EBB " #bkuhn
  KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
  KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael
  KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe
+KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf
+
  
  rm -f /tmp/keys.asc ./fsf-keyring.gpg
author	Ian Kelling <iank@fsf.org>
	Tue, 9 Jul 2019 14:34:05 +0000 (10:34 -0400)
committer	Ian Kelling <iank@fsf.org>
	Tue, 9 Jul 2019 14:34:05 +0000 (10:34 -0400)
fsf-keyring.gpg		patch \| blob \| blame \| history
fsf-keyring.sh		patch \| blob \| blame \| history