[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Sks-devel] Cease of operation: *.gnupg.pub
From: |
Franck Nijhof |
Subject: |
[Sks-devel] Cease of operation: *.gnupg.pub |
Date: |
Mon, 23 Apr 2018 17:24:25 +0200 |
Hi there,
Via this message, I am announcing the cease of operations on the servers:
*.gnupg.pub.
I have started this experiment some time ago and have enjoyed it pretty much
and reached my goal; Getting my server in the pools most of the time, by
getting the highest possible score (without HA).
The time has also come to make some confessions. Those scores my server got,
are not real. I have studied the code running the pools quite a bit and
discovered quite a few flaws in it. Which I successfully exploited to get a
higher ranking, resulting in my pretty low budget VPS to be in multiple pools
almost all the time. I am not going to expose those flaws right here.
Nevertheless, I do think it is pretty severe that this system is that easy to
manipulate. Even worse; I did not even get into doing extreme things since that
was not necessary at all.
With all due respect, the code running the SKS pools and website are in a
pretty sad state. In my humble opinion the code should be made public on a
decent open source platform (e.g., GitHub), refactored and exposed as much as
possible in order to gain feedback and improvements from other developers.
While doing that, add some decent CI/CD as, including some static code analysis
tooling.
Don't worry; the data is not being exploited at all. Nor did peering with me
had any effect on your services. That was never my intention of this little
project.
Thank you for learning me so much from GPG and the inner working of the SKS
pools that are so important to the GnuPG community and its users.
With kind regards,
Franck Nijhof
signature.asc
Description: Message signed with OpenPGP
- [Sks-devel] Cease of operation: *.gnupg.pub,
Franck Nijhof <=