schleuder issues
https://0xacab.org/schleuder/schleuder/-/issues
Updated: 2024-03-15T08:02:56Z

keywords in the middle of messages get stripped
https://0xacab.org/schleuder/schleuder/-/issues/535
Updated: 2024-03-15T08:02:56Z
Author: dkg

Sometimes, a user of a schleuder list might send instructions about how to control a schleuder list in a message that went to the list itself.
If the instructions include keywords, those keywords are stripped before re-sending, even if those keywords are not at the top of the message.
Using schleuder 4.0.3-7 (as packaged in debian stable, version 12.5), i sent the following message to a schleuder list:
```
Please ignore this message, i am trying to debug a possible schleuder
bug.
Here is a schleuder keyword command in the middle of the message text:
X-LIST-NAME: foo@example.org
X-ATTACH-LIST-KEY:
-----BEGIN PGP PUBLIC KEY BLOCK-----
nothing to see here.
And here is some followup text.
--dkg
```
The signed, encrypted version of the message that came back from the list had the expected spliced metadata part:
```
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: [REDACTED SCHLEUDER LIST ADDRESS]
Cc:
Date: Mon, 11 Mar 2024 15:08:50 -0400
Sig: Good signature from BB7E9101495E6BF7 Daniel Kahn Gillmor
Enc: Encrypted
------------------------------------------------------------------------------
```
and the rest of the body said:
```
Please ignore this message, i am trying to debug a possible schleuder
bug.
Here is a schleuder keyword command in the middle of the message text:
nothing to see here.
And here is some followup text.
--dkg
```
It seems to me that keywords that are not at the beginning of the message should be ignored, not stripped.

Milestone: 5.0.0
Assignee: paz

Insufficient sanitation of emailed requests
https://0xacab.org/schleuder/schleuder/-/issues/530
Updated: 2024-02-14T11:27:26Z
Author: Andrew Gallagher

I use Apple Mail, which has the unfortunate habit of expanding "user@example.com" to "user@example.com <user@example.com>", even in "plain text" mode. This means that when trying to subscribe a non-admin user to a list via the -request interface, the body gets mangled to:
```
x-subscribe: user@example.com <user@example.com> DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
```
This is apparently being parsed as:
```
x-subscribe: user@example.com NULL TRUE
```
because it subscribes the user without a fingerprint and sets them to an admin:
```
user@example.com has been subscribed with these attributes:
Fingerprint:
Admin? true
Email-delivery enabled? true
```
This is dangerous behaviour. Unexpected input should always throw an error, especially where admin permissions are being assigned.

Milestone: 5.0.0
Assignee: paz

Schleuder throws a traceback if told to import a key, but a key can't be found
https://0xacab.org/schleuder/schleuder/-/issues/526
Updated: 2024-01-09T08:56:04Z
Author: georg

Super admins receive the following error via mail if a user tries to import a key via a request mail with `x-add-key`, but no key:
```
undefined method `compact' for "Your message did not contain any attachments nor text content. Therefore no key could be imported.":String
import_stati = results.compact.collect(&:imports).flatten
^^^^^^^^
/usr/lib/ruby/vendor_ruby/schleuder/keyword_handlers/key_management.rb:21:in `add_key'
/usr/lib/ruby/vendor_ruby/schleuder/keyword_handlers_runner.rb:67:in `run_handler'
/usr/lib/ruby/vendor_ruby/schleuder/keyword_handlers_runner.rb:34:in `block in run'
/usr/lib/ruby/vendor_ruby/schleuder/keyword_handlers_runner.rb:32:in `map'
/usr/lib/ruby/vendor_ruby/schleuder/keyword_handlers_runner.rb:32:in `run'
/usr/lib/ruby/vendor_ruby/schleuder/filters/post_decryption/10_request.rb:16:in `request'
/usr/lib/ruby/vendor_ruby/schleuder/filters_runner.rb:14:in `block in run'
/usr/lib/ruby/vendor_ruby/schleuder/filters_runner.rb:12:in `map'
/usr/lib/ruby/vendor_ruby/schleuder/filters_runner.rb:12:in `run'
/usr/lib/ruby/vendor_ruby/schleuder/runner.rb:127:in `run_filters'
/usr/lib/ruby/vendor_ruby/schleuder/runner.rb:56:in `run'
/usr/lib/ruby/vendor_ruby/schleuder/cli.rb:38:in `work'
/usr/share/rubygems-integration/all/gems/thor-1.2.1/lib/thor/command.rb:27:in `run'
/usr/share/rubygems-integration/all/gems/thor-1.2.1/lib/thor/invocation.rb:127:in `invoke_command'
/usr/share/rubygems-integration/all/gems/thor-1.2.1/lib/thor.rb:392:in `dispatch'
/usr/share/rubygems-integration/all/gems/thor-1.2.1/lib/thor/base.rb:485:in `start'
/usr/bin/schleuder:13:in `<main>'
```
Schleuder version: `4.0.3`

Milestone: 5.0.0
Assignee: paz

Fix importing keys from encoded attachments
https://0xacab.org/schleuder/schleuder/-/issues/525
Updated: 2023-11-14T08:54:32Z
Author: paz

Currently importing keys from some forms of encoded attachments (e.g. sent by Thunderbird) fails.
This is due to the change from 7ff1160a4cd090e38ffd6d49ee27531132cc52f4.
Interestingly, the test-case newly added by that commit, also is green without the change to `key_management.rb`.
@georg Do you have any memory why you changed `key_management.rb` the way you did?

Milestone: 5.0.0
Assignee: paz

HTML mail leakage when the `text/html` part is not a direct child of the `multipart/alternative`
https://0xacab.org/schleuder/schleuder/-/issues/523
Updated: 2023-10-23T21:36:38Z
Author: snip

Hello!
I think I've encountered a problem in Schleuder 3.4.0 (which is probably still present in the later versions as well), in which the HTML part of an email containing keywords will not be removed if the `text/html` part is not a direct child of the main `multipart/alternative` container.
## Steps to Reproduce the Problem
1. Compose a new email (I used Thunderbird 102, but other email clients might work as well).
2. Add Schleuder keywords (such as an `x-resend` keyword).
3. In the body of the email, insert an image.
4. Send the encrypted, signed email to the Schleuder address.
Note: Since the HTML part should be stripped anyway, I agree that there is not much point including an image in the email in the first place. However, I think there are real-life situations where this could happen: for instance, when quoting / replying to an email which already has embedded images, the email client will automatically include these images in the new message, and the user may just leave them as is. (Actually, this is how I've stumbled upon this problem.)
## Expected Behavior
One would expect the HTML part to be stripped from the email resent by Schleuder, since #399 was fixed thanks to !255.
## Actual Behavior
The HTML part will be left untouched by Schleuder and resent as is. In particular, it will leak the keywords.
## Specifications
- Version: 3.4.0 (it seems to me that the problem is present in the 4.* branch as well, but I wasn't able to test)
- Installation method (package, gem...): unknown
- Mail client version: Thunderbird 102.3.0
## Other information
It seems to me that this is due to the fact that Schleuder will only remove the `text/html` part if it is directly contained in the top-level `multipart/alternative` container, according to the [`strip_html_from_alternative_if_keywords_present` filter](http://wmj5kiic7b6kjplpbvwadnht2nh2qnkbnqtcv3dyvpqtz7ssbssftxid.onion/schleuder/schleuder/-/blob/schleuder-3.4.0/lib/schleuder/filters/post_decryption/90_strip_html_from_alternative_if_keywords_present.rb#L11-13). For instance, the filter will work as expected if the email has the following structure:
```
multipart/alternative
|- text/plain
'- text/html
```
However, if there is an image embedded with the HTML part, then Thunderbird (and probably other email clients) will first bundle the HTML part and the image together in a `multipart/related` part, then add this part to the `multipart/alternative`:
```
multipart/alternative
|- text/plain
'- multipart/related
   |- text/html
   '- image/jpeg
```
From what I could understand from the code of the `strip_html_from_alternative_if_keywords_present` filter, it seems to me that Schleuder will not find and remove the `text/html` part because it is not in the `mail.parts` array.
Maybe a possible fix would be to recurse down the tree of parts instead of just looking at the direct children of the root `multipart/alternative` container? Unfortunately, I'm not fluent enough in Ruby to be able to investigate this issue further.
In any case, I hope that this report will help!
Thank you very much for all the work on this great tool! :)
Cheers!\
snip

Milestone: 5.0.0

Stop providing a default SKS keyserver
https://0xacab.org/schleuder/schleuder/-/issues/520
Updated: 2023-11-14T08:55:30Z
Author: paz

I propose to not provide a default config setting for `Conf.sks_keyserver` anymore.
The old SKS keyservers are mostly dead, `keyserver.ubuntu.com` appears to be the only public SKS keyserver left. We shouldn't encourage to use them anymore.
But `keys.mailvelope.com` (validates uploaded email addresses) provides its keys via SKS-like URLs (besides its own API, which I don't want to implement), and people might want to use non-public SKS keyservers, too. Therefore I do not propose to remove handling SKS-keyservers completely.

Milestone: 5.0.0
Assignee: paz

`list.send_list_key_to_subscriptions` fails if `deliver_selfsent` is set to false
https://0xacab.org/schleuder/schleuder/-/issues/519
Updated: 2022-09-13T14:49:52Z
Author: fleish

I recently changed my list defaults to set deliver_selfsent to false to avoid having messages reflected back to senders who are also subscribers. The next time I tried to create a list using schleuder-cli, I was unable to use the send-list-key-to-subscriptions command to send myself the list's key. Temporarily setting deliver_selfsent to true resolved this issue. Debug logs attached for attempting to call send-list-key-to-subscriptions both times. Somewhat ironically, the 2 errors generated were successfully sent to me as the list admin (and only subscriber) via signed+encrypted mail to the same address.
[list.log.send-list-key-to-subscriptions_selfsent.false.txt](/uploads/f1c51b2f18213f4b36f7cb290b3e0468/list.log.send-list-key-to-subscriptions_selfsent.false.txt)
[list.log.send-list-key-to-subscriptions_selfsent.true.txt](/uploads/1fbf4e90ba20d02f65600fb206831b1f/list.log.send-list-key-to-subscriptions_selfsent.true.txt)

Milestone: 5.0.0
Assignee: paz

Upgrade Active Record to 7.0.4
https://0xacab.org/schleuder/schleuder/-/issues/518
Updated: 2022-09-13T14:52:14Z
Author: Nina

Milestone: 5.0.0
Assignee: Nina

Test with Ruby 3.1
https://0xacab.org/schleuder/schleuder/-/issues/511
Updated: 2022-04-16T22:00:49Z
Author: paz

Depends on schleuder/schleuder-ci-images#1

Milestone: 5.0.0

Drop Ruby 2.5 and 2.6 support
https://0xacab.org/schleuder/schleuder/-/issues/510
Updated: 2022-09-11T18:23:27Z
Author: georg

Milestone: 5.0.0
Assignee: paz

gpg: insecure memory warnings for tests
https://0xacab.org/schleuder/schleuder/-/issues/496
Updated: 2022-09-13T14:50:27Z
Author: Andreas Schleifer

Hello,
while trying to package schleuder for Archlinux I get the following errors when running the tests during the packaging step:
```
Created database 'db/test.sqlite3'
Randomized with seed 63950
.....................................................................................................................................................................................................................................................................................................................................................................................................................................FFF.F.FF..............................................................................................................
Failures:
1) Schleuder::ListBuilder creates a listdir for the list
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:41:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
2) Schleuder::ListBuilder creates a new, valid list
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:9:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
3) Schleuder::ListBuilder subscribes the adminaddress and ignores the adminfingerprint if an adminkey was given
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:85:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
4) Schleuder::ListBuilder subscribes the adminaddress and respects the given adminfingerprint
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:72:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
5) Schleuder::ListBuilder subscribes the adminaddress and imports the adminkey
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:60:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
6) Schleuder::ListBuilder creates a list-key with all required UIDs
Failure/Error: raise Errors::KeyAdduidFailed.new(exc.to_s)
Schleuder::Errors::KeyAdduidFailed:
Adding a user-ID to the OpenPGP key failed with this message:
gpg: Warning: using insecure memory!
Kind regards,
Your Schleuder system.
# ./lib/schleuder/list_builder.rb:103:in `rescue in adduids'
# ./lib/schleuder/list_builder.rb:88:in `adduids'
# ./lib/schleuder/list_builder.rb:82:in `create_key'
# ./lib/schleuder/list_builder.rb:41:in `run'
# ./spec/schleuder/unit/list_builder_spec.rb:49:in `block (2 levels) in <top (required)>'
# ./spec/spec_helper.rb:48:in `block (3 levels) in <top (required)>'
# ./spec/spec_helper.rb:47:in `block (2 levels) in <top (required)>'
# ------------------
# --- Caused by: ---
# RuntimeError:
# gpg: Warning: using insecure memory!
# ./lib/schleuder/list_builder.rb:93:in `block in adduids'
Finished in 4 minutes 20.7 seconds (files took 1.94 seconds to load)
539 examples, 6 failures
Failed examples:
rspec ./spec/schleuder/unit/list_builder_spec.rb:37 # Schleuder::ListBuilder creates a listdir for the list
rspec ./spec/schleuder/unit/list_builder_spec.rb:5 # Schleuder::ListBuilder creates a new, valid list
rspec ./spec/schleuder/unit/list_builder_spec.rb:81 # Schleuder::ListBuilder subscribes the adminaddress and ignores the adminfingerprint if an adminkey was given
rspec ./spec/schleuder/unit/list_builder_spec.rb:69 # Schleuder::ListBuilder subscribes the adminaddress and respects the given adminfingerprint
rspec ./spec/schleuder/unit/list_builder_spec.rb:56 # Schleuder::ListBuilder subscribes the adminaddress and imports the adminkey
rspec ./spec/schleuder/unit/list_builder_spec.rb:45 # Schleuder::ListBuilder creates a list-key with all required UIDs
Randomized with seed 63950
```
During these tests I don't really care about such errors and therefore I tried to ignore them. My current code for running the tests looks like this:
```
export GNUPGHOME=.gnupg
mkdir -p "${GNUPGHOME}"
echo "no-secmem-warning" >> "${GNUPGHOME}/gpg.conf"
export CHECK_CODE_COVERAGE=false
export SCHLEUDER_CONFIG=spec/schleuder.yml
export SCHLEUDER_ENV=test
bundle exec rake db:init
bundle exec rspec
```
Any idea how I can ignore these errors in my tests?
I can't use setuid, as the build environment has no permissions to do that.
Best regards

Milestone: 5.0.0
Assignee: paz

Don't allow to upload expired keys (or inform the user about usability issues [expired, revoked])
https://0xacab.org/schleuder/schleuder/-/issues/479
Updated: 2023-11-14T08:55:40Z
Author: casper

You shouldn't be allowed to upload an unusable key. Or at least, there should be an informative warning flash message as proposed in schleuder-web#12.

Milestone: 5.0.0
Assignee: paz

receive_from_subscribed_emailaddresses_only: make From: check case-insensitive
https://0xacab.org/schleuder/schleuder/-/issues/476
Updated: 2022-09-13T14:48:53Z
Author: cosmo222

Hello,
I have a few lists using schleuder, and in lists where I'm not using PGP to verify if someone is on the list I use
`Receive from subscribed emailaddresses only?`, and there is a problem because this check is case-sensitive. I know that this is a weak check because you can change the From header and send emails to the list, but this is all I have.
I cannot use verification by PGP signature because people don't know how to use it.
Are you planning to change it, or if it is fixed, can you tell me in which version?
I'm using schleuder version 3.4.0-2 installed from repo on debian10.
Best regards
Matthew

Milestone: 5.0.0
Assignee: paz

Provide list-option to auto-import keys from Autocrypt-headers and attachments
https://0xacab.org/schleuder/schleuder/-/issues/435
Updated: 2023-12-08T13:18:02Z
Author: georg

I spoke with people about Schleuder version 4, and stuff they would find helpful. Something people mentioned several times was better Autocrypt support, especially if Schleuder is used in a "frontdesk setup", with lots of different people sending mail to Schleuder, etc. To make this more easy, and to give people an option to get rid of boring, manual and repeated work, this is a proposal:
- Introduce a new per-list option to parse incoming Autocrypt header.
- If enabled, handle the `keydata` field, check the data in there, and if all good, import the key into the final keyring.
- Probably, checking the data in the field means importing the data into a temporary keyring, and checking the result.
- Add a new pseudo-header, `sender key status`, with the result of the check and/or import as per above:
  * `Not present - Key imported` (if there was no key yet for this email addr, TOFU)
  * `Already present - Key unchanged` (if the key is already part of the keyring)
  * `Already present - Conflicting Key - not imported` (if a different key for this mail addr is already part of the keyring)
- Pending questions:
  * Use a dedicated per-list keyring for these keys, similar to what MUAs are doing?
  * Still, prefer the manual keyring, and only if no key is found there, fallback to the Autocrypt-keyring?
  * Should a distinction be made regarding sending to subscribers, vs. resending? That is: Should the manual keyring be the single source of truth to handle key lookups of subscriptions?
  * As per the Autocrypt spec, AFAIK, MUAs do replace keys, if a key is already present on the local system and there is a new one received via mail. Do we want this? Or do we let people handle this situation on their own, as per above?
  * Wording: Not really sure if I'm happy with `sender key status`, maybe just `Autocrypt`? OTOH, not sure if that's "too technical".
That's a first draft, happy to take any input, and to get this into something worth implementing.

Milestone: 5.0.0
Assignee: paz

Speak to keyservers directly and drop dirmngr
https://0xacab.org/schleuder/schleuder/-/issues/361
Updated: 2022-09-13T13:40:27Z
Author: paz

We were discussing to maybe speak to keyservers directly, via HTTPS.
Pro:
* We can get rid of a lot of shell-calls,
* it is much easier and probably much more reliable to test, sks-mock.rb and repeatedly killing dirmngr could probably be dropped,
* we still can support multiple, specific keyservers,
* we have much more control over the requests, e.g. can retry in case of timeouts.
Contra:
* We can not support keyserver-pools (because they don't use proper HTTPS-certificates),
* we must use a hardcoded default, can't fall back to a system-wide configured keyserver,
* supporting connections via TOR requires additional work (but not that much: https://rubygems.org/gems/socksify, https://stackoverflow.com/questions/13353544/ruby-tor-and-nethttpproxy/13882749#13882749)

Milestone: 5.0.0
Assignee: paz