3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/tools/security/gnupg
Alyssa Ross c727083e65
gnupg: change default keyserver to non-SKS
See https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f.

The SKS network is vulnerable to certificate poisoning, which can
destroy GnuPG installations. keys.openpgp.org is a new non-SKS keyserver
that is resistant to this type of attack.

With such an attack being possible, it is unsafe to use SKS keyservers
for almost anything, and so we should protect our users from a now
unsafe default. keys.openpgp.org offers some (but not all) functionality
of SKS, and is better than nothing.

This default is only present in gnupg22. gnupg20 and gnupg1orig are not
affected.
2019-06-30 14:09:02 +00:00
..
1.nix gnupg1orig: 1.4.22 -> 1.4.23 2018-06-14 07:35:51 -07:00
1compat.nix gnupg1compat: reintroduce symlinks, only when actually needed 2018-10-06 14:38:36 -05:00
20.nix gnupg20: set version variable to fix gnupg1compat 2018-10-06 12:21:05 -05:00
22.nix gnupg: change default keyserver to non-SKS 2019-06-30 14:09:02 +00:00
clang.patch
fix-libusb-include-path.patch gnupg: 2.2.4 -> 2.2.5 2018-03-05 15:12:52 +01:00
gpgkey2ssh-20.patch gnupg: 2.1.22 -> 2.1.23 2017-08-11 19:24:06 +02:00