[pkg-gnupg-maint] Convenient access to Debian keyrings
Paul Wise
pabs at debian.org
Sun Apr 2 03:29:22 UTC 2017
On Sun, Apr 2, 2017 at 7:06 AM, gregor herrmann wrote:
> % crontab -l | grep debian-keyring
> 30 17 * * * /usr/bin/rsync -rlptDq "keyring.debian.org::keyrings/keyrings/*.gpg" /home/gregoa/.gnupg/debian-keyring
The rsync protocol is unencrypted, I'd suggest switching this to SSH
(one colon instead of two). You could also use rsync over TLS on port
1873 (uses the same cert as via http). I couldn't easily work out how
to do it with stunnel but the following works with socat. I thought
there was also a way to verify the keyring when it was at rest but
can't find where I saw that.
rsync --rsh 'sh -c "socat OPENSSL:keyring.debian.org:1873 STDIO"'
keyring.debian.org::keyrings .
--
bye,
pabs
https://wiki.debian.org/PaulWise
More information about the pkg-gnupg-maint
mailing list