I saw this GitHub Gist about a poisoning attack on a keyserver that was causing some problems with OpenPGP. I noticed one person pointed out that Linux distros are verified with keys that may be later confounded because of this attack. How about FreeBSD? When we download patches and use freebsd-update, are we relying on this same OpenPGP keyserver infrastructure?
SKS Keyserver Network Under Attack
gist.github.com