
Re: Bug#970796: cloud-init: Please add gnupg to Recommends



On 2020/09/24 1:39, Noah Meyerhans wrote:
> the same functionality could be provided by passing a complete public
> key directly via cloud-config userdata, that we should support this
> functionality.

user-data is typically limited to ~16384 bytes. An rsa4096 key exported
using the `--armor --export-options export-minimal` gpg command
arguments is around 7750 bytes uncompressed.

That doesn't allow for a lot of GPG keys for 3rd party repository access
while bootstrapping, particularly where the user's instance
launching/user-data management tooling does not support compression. It
is perhaps a significant limitation for some people.


On 2020/09/25 16:24, Bastian Blank wrote:
> No, none of these use cases are valid.
> 
> Per ID is not reliable, as the keyserver network is falling apart.

There is a keyserver option to allow the user to specify which server to
query, so it could be manually set (e.g. hkps://keys.openpgp.org). It is
also possible the admin is using a private keyserver.

Broadly speaking, I would suggest that we shouldn't presume what might
or might not be a valid use case. This freedom is an important reason
why many love free software operating systems.

Regards,
Adam
