[Pkg-gnupg-maint] Bug#752260: suggest parcimonie to slowly refresh the public keyring

ilf ilf at zeromail.org
Sat Jun 21 19:04:13 UTC 2014

Package: gnupg
Version: 1.4.16-1.1

Please add "parcimonie" to Suggests.

 From Riseup Labs OpenPGP Best Practices:

> Make sure you are receiving regular key updates. 
> If you do not regularly refresh your public keys, you do not get 
> timely expirations or revocations, both of which are very important to 
> be aware of! 
> If you do a simple ‘gpg —refresh-keys’, you disclose to anyone 
> listening, and the keyserver operator, the whole set of keys that you 
> are interested in refreshing. 
> To avoid this, you can do regular key updates by using parcimonie to 
> refresh your keyring. Parcimonie is a daemon that slowly refreshes 
> your keyring from a keyserver over Tor. It uses a randomized sleep, 
> and fresh tor circuits for each key. The purpose is to make it hard 
> for an attacker to correlate the key updates with your keyring. 
> Parcimonie is packaged in both debian and ubuntu.


Since parcimonie seems to be the only tool to do this that has a Debian 
package, this seems the perfect suggestion.

Thanks, and keep up the good work!


Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg!
		-- Eine Initiative des Bundesamtes für Tastaturbenutzung
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnupg-maint/attachments/20140621/2216c150/attachment.sig>

More information about the Pkg-gnupg-maint mailing list