Use a more reliable OpenPGP key server by default (#16575) · Issues · tails / tails

Use a more reliable OpenPGP key server by default

Originally created by @sajolida on #16575 (Redmine)

I’ve had reliability problems when doing OpenPGP operations in Tails for months (years?). The output of the gpg is pretty unhelpful and, if I understood correctly, the issue is unreliable key servers. For example:

amnesia@amnesia:~$ gpg --recv-keys 0x2BD5824B7F9470E6
gpg: keyserver receive failed: No keyserver available

For some time, I’ve used keys.riseup.net whenever I experience a failed OpenPGP operation and it also always solves it. For example, after the previous error:

amnesia@amnesia:~$ gpg --keyserver keys.riseup.net --recv-keys 0x2BD5824B7F9470E6
gpg: key 0x2BD5824B7F9470E6: 167 signatures not checked due to missing keys
gpg: key 0x2BD5824B7F9470E6: "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" 2 new user IDs
gpg: key 0x2BD5824B7F9470E6: "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" 173 new signatures
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:  46  trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: depth: 1  valid:  46  signed: 116  trust: 46-, 0q, 0n, 0m, 0f, 0u
gpg: next trustdb check due at 2019-03-19
gpg: Total number processed: 1
gpg:           new user IDs: 2
gpg:         new signatures: 173

Why don’t we configure keys.riseup.net as the default OpenPGP key server in Tails since it proved to be much more reliable than the current state of things?

Related issues

Related to #17090 (closed)
Is duplicate of #12689 (closed)

Edited May 15, 2020 by sajolida

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information