Security page update

[Begina]

Security pages advises adding gpg keys via hkp://pool.sks-keyservers.net, however, that service is deprecated, and as of 2021-06-21 DNS records are no longer provided at all.

more info at: https://sks-keyservers.net/status/

[andyneff]

I tried all of these on Centos 7

• hkp://keys.openpgp.org
• hkp://pgp.mit.edu
• hkp://keyserver.pgp.com
• hkp://keyserver.ubuntu.com

And they either timed out or said "gpgkeys: key ... can't be retrieved"

In the end, I had to:

curl -sSL https://rvm.io/mpapis.asc | gpg2 --import
curl -sSL https://rvm.io/pkuczynski.asc | gpg2 --import

[bkmgit]

hkp://keys.openpgp.org seemed to work, so one can use

gpg2 --keyserver hkp://keys.openpgp.org --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB

but the key 409B6B1796C275462A1703113804BB82D39DC0E3 does not have an identity and so should be updated.

[bkmgit]

@mpapis Thanks for your work on this. Might it be possible to add an identity to your key?

[mpapis]

@bkmgit can you give me some instructions on how to add the identity? I'm pretty busy with personal staf.

[bkmgit]

Thanks for your prompt response. The following may be helpful:

• Adding an email to your existing key https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/associating-an-email-with-your-gpg-key
• Adding your key to GitHub https://docs.github.com/en/github/authenticating-to-github/managing-commit-signature-verification/telling-git-about-your-signing-key
• Signing commits https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work

The key can be uploaded to https://keys.openpgp.org/upload As indicated in the OpenPGP documentation, it is also possible to upload the key from the command line using

gpg --export [email protected] | curl -T - https://keys.openpgp.org 

The documentation also indicate that the "no user id" problem is something that is being worked on.