Unbound 1.24.1 released
Petr Menšík
pemensik at redhat.com
Thu Oct 30 11:30:55 UTC 2025
Did you know you can locate gpg keys from DNS itself? It is a bit sad
DNS specialized group does not publish it that way. Especially when they
already have the domain signed and they could publish the OPENPGPKEY
record there.
gpg --auto-key-locate dane --locate-external-keys george at nlnetlabs.nl
It is possible also for SMIME key, in case PGP is not desired anymore.
Fedora publishes its keys using dane, but not WKD.
Petr
On 25/10/2025 02:21, Phil Pennock via Unbound-users wrote:
> For myself, the announcement 4 days earlier (on the 20th) in the email
> with Subject of "Unbound release - introducing extra PGP key" was quite
> helpful.
>
> Eg:https://lists.nlnetlabs.nl/pipermail/unbound-users/2025-October/008598.html
>
> A single keyring for "all keys valid for this product" would be helpful,
> albeit too often I'd see folks fetch it just before fetching the
> software release assets and verify against the key just retrieved from
> the same place and then be confused as to why I'd flag it as an issue.
> So it's not as simple as "put it in the same place" and needs very
> careful messaging to at least try to discourage people from mistakes.
>
> As to the<https://nlnetlabs.nl/people/> page, Yorgos' key is one of
> only three where the key is distributed from a site under their
> administrative control instead of the public swamps, so one of only
> three which doesn't make me wince. This is a definite improvement.
>
> (If PGP weren't dying such that I'm reluctant to spend effort on
> advocacy any more, I'd nudge towards WKD, as used by kernel.org,
> debian.org, archlinux.org, etc, so that `gpg --locate-external-keys
> foo at nlnetlabs.nl` could work; as it is, I'll leave it as this note that
> a world which is simpler for relying parties is possible, if folks are
> interested.)
>
> -Phil
>
--
Petr Menšík
Senior Software Engineer, RHEL
Red Hat,https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20251030/298095a0/attachment.htm>
More information about the Unbound-users
mailing list