Use keys.openpgp.org instead of pgp.mit.edu (#11249)
The SKS Keyserver network has been under attack with poisoned certificates since at least 2019. Downloading a poisoned certificate has the awful side-effect of completely breaking your keyring and most software has now moved off the network and uses the keys.openpgp.org which has a different protocol instead - in fact one whereby emails are verified. For more details regarding the attack see: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f See: https://keys.openpgp.org/about and https://keys.openpgp.org/about/faq Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>tokarchuk/v1.17
parent
a2683e5ddb
commit
1853131d42
Loading…
Reference in new issue