On Sun, Apr 02, 2017 at 11:29:22AM +0800, Paul Wise wrote:
> On Sun, Apr 2, 2017 at 7:06 AM, gregor herrmann wrote:
>
> > % crontab -l | grep debian-keyring
> > 30 17 * * * /usr/bin/rsync -rlptDq "keyring.debian.org::keyrings/keyrings/*.gpg" /home/gregoa/.gnupg/debian-keyring
>
> The rsync protocol is unencrypted, I'd suggest switching this to SSH
> (one colon instead of two). You could also use rsync over TLS on port
> 1873 (uses the same cert as via http). I couldn't easily work out how
> to do it with stunnel but the following works with socat. I thought
> there was also a way to verify the keyring when it was at rest but
> can't find where I saw that.
If you do an rsync of keyring.debian.org::keyrings (no second keyrings/)
you get a sha512sums.txt file as well which will be signed by one of
keyring-maint.
J.
--
Give me liberty or I will cut | .''`. Debian GNU/Linux Developer
you. | : :' : Happy to accept PGP signed
| `. `' or encrypted mail - RSA
| `- key on the keyservers.
Attachment:
signature.asc
Description: Digital signature