Only attempt to download keys from servers claiming to have the relevant fingerprint

muelli / geysigning

An easier way to sign OpenPGP keys over the local network

GNU General Public License v3.0

9 stars 10 forks source link

Only attempt to download keys from servers claiming to have the relevant fingerprint #6

Closed muelli closed 9 years ago

muelli commented 9 years ago

For now, we iterate over all servers which announced themselves. It'd be smarter to announce the fingerprint served along with the service (maybe TXT record) and to only attempt to download from those.

muelli commented 9 years ago

FTR: There is https://github.com/andreimacavei/geysigning/commit/b4c82826bb1cddd24189fbccde042711213c6c5f for the publishing side

muelli commented 9 years ago

I think we do this since ec4790cd98c4b8061e2e63f721573acbdcc00ed3