Speak to keyservers directly and drop dirmngr (#361) · Issues · schleuder / schleuder · GitLab

Hello! We are running our annual fundraising. Please consider making a donation if you value this freely available service or want to support people around the world working towards liberatory social change. https://riseup.net/donate.

Speak to keyservers directly and drop dirmngr

We were discussion to maybe speak to keyservers directly, via HTTPS.

Pro:

We can get rid of a lot of shell-calls,
it it much easier and probably much more realiable to test, sks-mock.rb and repeatingly killing dirmngr could probably be dropped,
we still can support multiple, specific keyservers,
we have much more control over the requests, e.g. can retry in case of timeouts.

Contra:

We can not support keyserver-pools (because they don't use proper HTTPS-certificates),
we must use a hardcoded default, can't fall back to a system-wide configured keyserver,
supporting connections via TOR requires additional work (but not that much: https://rubygems.org/gems/socksify, https://stackoverflow.com/questions/13353544/ruby-tor-and-nethttpproxy/13882749#13882749)

Edited Apr 02, 2019 by georg