The key signing process should have an optional step to upload to keyservers. This must be accompanied with a significant warning text to not do this without consent of the key holder.
I'd rather see the key signing process encourage sending the newly-signed key to the keyholder than encouraging upload to the keyservers.
We should encourage upload to the keyservers from the keyholder side -- upon receiving my own key with new exportable certifications, i should be prompted to upload my own key to the keyservers.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
This year's "attack" on keyservers showed that uploading signatures to keyservers is not the way forward. Hagrid does not publish 3rd-party signatures at all, and it looks like the SKS-replacement Hockeypuck will neither.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I'd rather see the key signing process encourage sending the newly-signed key to the keyholder than encouraging upload to the keyservers.
We should encourage upload to the keyservers from the keyholder side -- upon receiving my own key with new exportable certifications, i should be prompted to upload my own key to the keyservers.
This year's "attack" on keyservers showed that uploading signatures to keyservers is not the way forward. Hagrid does not publish 3rd-party signatures at all, and it looks like the SKS-replacement Hockeypuck will neither.