Closed rossabaker closed 5 months ago
The alternative here is to set up an openpgp subdomain and do the "advanced" implementation, whose directory structure looks like the first commit. That "site" could conceivably be built from public key(s) as the source.
The "advanced" method will automate if the public key changes (I think this is what you mean by "built from the public key(s)"?), vs this "direct" method where we would manually have to update the file structure for a new public key; assuming I am understanding the differences, I think the direct method is good for us. Thanks for doing this Ross!
Advanced is a little easier to automate in an action because: `(DomainName, Set[PublicKey]) => IO[Victory]`).[^1] Direct could be automated by removing an intermediate directory (the oops I fixed in eda22b3a328bf9ed4cdb542166ca6cf53ac0ffed) and by not screwing up the rest of Jekyll.
Clients are advised to consult Advanced first, and fall back to Direct.
[^1]: Why, yes, I do already have a generic Nix derivation that does this, I'm glad you asked.
I'm going to merge this to get something working, and we can debate Advanced and automation when we have to update it before it expires again in July.
Follow-up: this passes all four direct WKD tests and successfully verifies the domain with Ariadne.
GitHub verification would be neat, but requires a gist, which orgs can't do. Mastodon and OpenCollective are possible, but really have nothing to do with this key.
--locate-keys
.TXT
record already exists.