On 1.12.2025 23:52, Genes Lists wrote:
So for any <name>@archlinux.org, WKD will request the certificate from the web server URL:https://archlinux.org/.well-known/openpgpkey/hu/<hash-of-email>
Actually Arch uses "advanced" variant of WKD which searches a subdomain: https://openpgpkey.archlinux.org/.well-known/openpgpkey/archlinux.org/hu/<hash-of-email>I'm wondering if we should provide all certs concatenated in a single location (e.g. https://openpgpkey.archlinux.org/packagers.pgp) so that the "archlinux-keyring-wkd-sync" would be a single curl + pacman-key --import) instead of relying on this extremely fragile GnuPG's dirmngr to do networking...
Kind regards, Wiktor
OpenPGP_0x6C8857E0D8E8F074.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
