Migrate the security teams GPG key download to keys.openpgp.org #480
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The old SKS system is flawed and shouldn't be used anymore. Hagrid (https://sequoia-pgp.org/blog/2019/06/14/20190614-hagrid/) is a relatively new key of replacement for the old SKS system. It strips the signatures from the keys, to prevent key poisoning, so the WoT is dead and gone.
Also key ids can be cheaply forged, even long ones, see:
Therefore let's migrate to https://keys.openpgp.net and drop key ids entirely.