On 2020/09/24 1:39, Noah Meyerhans wrote:
> the same functionality could be provided by passing a complete public
> key directly via cloud-config userdata, that we should support this
> functionality.

user-data is typically limited to ~16384 bytes. A rsa4096 key exported using the `--armor --export-options export-minimal` gpg command arguments is around 7750 bytes uncompressed. That doesn't allow for a lot of GPG keys for 3rd party repository access while bootstrapping, particularly where the user's instance launching/user-data management tooling does not support compression. It is perhaps a significant limitation for some people.

On 2020/09/25 16:24, Bastian Blank wrote:
> No, none of this use-cases are valid.
>
> Per ID is not reliable, as the keyserver network is falling apart.

There is a keyserver option to allow the user to specify which server to query, so it could be manually set (eg. hkps://keys.openpgp.org). It is also possible the admin is using a private keyserver.

Broadly speaking, I would suggest that we shouldn't presume what might or might not be a valid use case. This freedom is an important reason why many love free software operating systems.

Regards,
Adam
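The two approaches discussed in this thread, side by side, as an added example that is not part of the original message. It assumes cloud-init's `apt` module; the repository URLs, list file names and fingerprint are constructed placeholders.

```yaml
#cloud-config
apt:
  sources:
    # Approach 1: fetch the key by ID from an explicitly chosen keyserver.
    # Costs only a few dozen bytes of user-data per repository, but the
    # instance needs gnupg/dirmngr and network access to the keyserver at
    # boot. A full 40-hex fingerprint is used rather than a short key ID,
    # since short IDs can collide.
    vendor-a.list:
      source: "deb https://repo-a.example.invalid/debian stable main"
      keyid: 0123456789ABCDEF0123456789ABCDEF01234567   # constructed placeholder
      keyserver: hkps://keys.openpgp.org                # or a private keyserver

    # Approach 2: embed the complete armored public key in user-data.
    # No keyserver lookup at boot, but at roughly 7750 bytes for an
    # rsa4096 key, about two such keys fit in a ~16384-byte user-data
    # limit when the tooling cannot compress it.
    vendor-b.list:
      source: "deb https://repo-b.example.invalid/debian stable main"
      key: |
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        (armored key body goes here; placeholder, not a real key)
        -----END PGP PUBLIC KEY BLOCK-----
```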