From: Ian Kelling <iank@fsf.org>
Date: Tue, 9 Jul 2019 14:34:05 +0000 (-0400)
Subject: add gregf, use safe keyserver
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=7c4333a9d209c942b6699638514374c39f138d3f;p=fsf-keyring.git

add gregf, use safe keyserver
---

diff --git a/fsf-keyring.gpg b/fsf-keyring.gpg
index 26f961b..6f09236 100644
Binary files a/fsf-keyring.gpg and b/fsf-keyring.gpg differ
diff --git a/fsf-keyring.sh b/fsf-keyring.sh
index 170d26b..d11a8fe 100755
--- a/fsf-keyring.sh
+++ b/fsf-keyring.sh
@@ -8,7 +8,9 @@ refresh-gpg-key() {
   key=$1
 
   error=999
-  for keyserver in pool.sks-keyservers.net keyring.debian.org keys.gnupg.net; do
+  # This is the only safe keyserver we know of as of 2019-06-09,
+  # https://lwn.net/Articles/792366/
+  for keyserver in keys.openpgp.org; do
     set +e
     cmd="gpg --keyserver $keyserver --recv-keys $key"
     # keyservers are not very reliable, so retry
@@ -47,6 +49,8 @@ KEYS+="A2F4F1966D9E35C673EC30D5B6F1D83E9ACD9EBB " #bkuhn
 KEYS+="2C31130BF7D5A459AFF2A3F3C9DFFE4A33AA52D9 " #knauth
 KEYS+="43372794C8ADD5CA8FCFFA6CD03759DAB600E3C0 " #michael
 KEYS+="B102017CCF698F79423EF9CC069C04D206A59505 " #zoe
+KEYS+="7CCC7ECD3D78EB384F6C02C8966951617A149C73 " #gregf
+
 
 rm -f /tmp/keys.asc ./fsf-keyring.gpg