NowpPublishing fedora developer PGP keys in DNSSEC

Paul Wouters paul at
Sun Feb 1 23:24:06 UTC 2015

On Sun, 1 Feb 2015, Björn Persson wrote:

> Paul Wouters wrote:
>> paul at bofh:~$ openpgpkey --fetch pwouters at
> openpgpkey: /var/lib/unbound/root.anchor is not a file. Unable to use
> it as rootanchor
> Huh?

turns out a bug in %post of unbound-libs. I pushed a fix into rawhide.
I've also made openpgpkey smarter so it looks for more file locations
for the root.anchor or root.key file. I'll push that upstream.

>> 2) most people don't have their as uid on their key
> Perhaps they are like me in that they want to be known by their actual
> address rather than the alias. When people want to
> reach me I want them to send their email directly to Bjorn at Rombobjö
> (or to Bjorn at if their email client doesn't understand
> IDNA), not to an alias in another domain. It doesn't hurt that an alias
> exists, and it may be useful to automated stuff in the Fedora
> infrastructure, but I prefer not to advertise it outside of Fedora.

It will show you the uids present on the key and you can still import
the gui and mail them at the other addresses.

> Perhaps you should publish only those keys that have a
> address?

The goal though is to make it easier to get keys and use encryption,
not more manual. So I prefer to have the keys there even if the uid
is not there.

> Traceback (most recent call last):
>  File "/usr/bin/openpgpkey", line 189, in <module>
>    if "<%s>" in uid:
> UnicodeDecodeError: 'ascii' codec can't decode byte 0xc3 in position
> 14: ordinal not in range(128)

I'll work on adding punycode support :)

(the LHS does not matter, we just sha224 whatever you give us)


More information about the devel mailing list