Tyler Durden | 22 Apr 12:49 2015
Picon

Keyserver downtime for maintenance

Hi

I just want to let you know that my keyserver "keyserver.adamas.ai" is
going down for maintenance. This will last for about 6 hours.

Greetings
virii

default values for sks config parameters

Hi,

I would like to fiddle a bit with parameters like "max_matches". Where can I find the default values or how
can I dump a list of present config?

Sincerely,

Malte

Brian Minton | 20 Apr 22:45 2015

Re: seeking peers for keys.enteig.net

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I'd probably use nginx, which has a pretty low footprint.
-----BEGIN PGP SIGNATURE-----
Version: OpenKeychain v3.1.2

iIAEAREIACghHEJyaWFuIE1pbnRvbiA8YnJpYW5AbWludG9uLm5hbWU+BQJVNWVE
AAoJEGuOs6Blz7qpA1oA/0nfSXiqUohXZur3HDOykQI5GexMq0f/uwHVMZ6BkFFW
AP9GHHnhbG1bw4WghDKf7HEQbDTq0ZoJJe9A8EQXo1lHNw==
=+Lzg
-----END PGP SIGNATURE-----


On Mon, Apr 20, 2015, 4:36 PM Patrick Kahr <patrick-Q10QtDXgdxI@public.gmane.org> wrote:

On 20/04/15 22:09, Brian Minton wrote:
> I was thinking about running sks on a Raspberry Pi.  What kind of
> device are you using?

Running it on a Raspberry Pi shouldn't be a problem as SKS is pretty low
on resources (except for the building process).
What are you using for the reverse proxy ? Apache eats a lot of RAM so
you might want to use HAProxy (http://www.haproxy.org/). Here's a useful
Howto: http://adamas.ai/cgi-bin/wiki.pl/SKS-Keyserver

Patrick

>
> _______________________________________________
> Sks-devel mailing list
> Sks-devel <at> nongnu.org
> https://lists.nongnu.org/mailman/listinfo/sks-devel
>

--
KAHR Patrick
patrick-s/ExKmfu4Xk@public.gmane.org | https://blog.kahpa.lu

<div>
<p dir="ltr">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256</p>
<p dir="ltr">I'd probably use nginx, which has a pretty low footprint.
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: OpenKeychain v3.1.2</p>
<p dir="ltr">iIAEAREIACghHEJyaWFuIE1pbnRvbiA8YnJpYW5AbWludG9uLm5hbWU+BQJVNWVE<br>
AAoJEGuOs6Blz7qpA1oA/0nfSXiqUohXZur3HDOykQI5GexMq0f/uwHVMZ6BkFFW<br>
AP9GHHnhbG1bw4WghDKf7HEQbDTq0ZoJJe9A8EQXo1lHNw==<br>
=+Lzg<br>
-----END PGP SIGNATURE-----</p>
<br><div class="gmail_quote">On Mon, Apr 20, 2015, 4:36 PM&nbsp;Patrick Kahr &lt;<a href="mailto:patrick@...">patrick@...</a>&gt; wrote:<br><blockquote class="gmail_quote">
<br>
On 20/04/15 22:09, Brian Minton wrote:<br>
&gt; I was thinking about running sks on a Raspberry Pi.&nbsp; What kind of<br>
&gt; device are you using?<br><br>
Running it on a Raspberry Pi shouldn't be a problem as SKS is pretty low<br>
on resources (except for the building process).<br>
What are you using for the reverse proxy ? Apache eats a lot of RAM so<br>
you might want to use HAProxy (<a href="http://www.haproxy.org/" target="_blank">http://www.haproxy.org/</a>). Here's a useful<br>
Howto: <a href="http://adamas.ai/cgi-bin/wiki.pl/SKS-Keyserver" target="_blank">http://adamas.ai/cgi-bin/wiki.pl/SKS-Keyserver</a><br><br>
Patrick<br><br>
&gt;<br>
&gt; _______________________________________________<br>
&gt; Sks-devel mailing list<br>
&gt; <a href="mailto:Sks-devel@..." target="_blank">Sks-devel <at> nongnu.org</a><br>
&gt; <a href="https://lists.nongnu.org/mailman/listinfo/sks-devel" target="_blank">https://lists.nongnu.org/mailman/listinfo/sks-devel</a><br>
&gt;<br><br>
--<br>
KAHR Patrick<br><a href="mailto:patrick@..." target="_blank">patrick@...</a> | <a href="https://blog.kahpa.lu" target="_blank">https://blog.kahpa.lu</a><br><br>
</blockquote>
</div>
</div>
Daniel Roesler | 20 Apr 22:34 2015
Picon

Application for hkps pool


Howdy all,

I was wondering if servers could still apply for the
hkps pool? I've tried following the instructions on
https://sks-keyservers.net/overview-of-pools.php and
contacted 0x0B7F8B60E3EDFAE3, but haven't heard back.

Is there somewhere else I should be applying? Am I
missing some requirements somewhere?

Thanks!
Daniel Roesler

seeking peers for keys.enteig.net

Hi,

I am looking for peers for a new SKS keyserver installation.

I am running SKS version 1.1.5, on keys.enteig.net.
I am running this on a little ARM device at a home in Berlin, Germany.
The machine has no IPv6 connectivity.

I have loaded a keydump from http://keyserver.mattrude.com/dump/current/, dated 2015-04-18.
I see 3914274 keys loaded.

For operational issues, please contact me directly.

keys.enteig.net 11370 # Malte <malte@...> 0x0CC576E9703E1DDC

Thank you,
-Malte Dik

PS: What magnitude of traffic do I have to expect from this experiment?

Mike Forbes | 20 Apr 02:03 2015
Picon

Seeking peers for pgp.net.nz


Hi,

I am looking for peers for a rebuilt SKS keyserver installation.

We (NZRS) currently operate pgp.net.nz with an old version.
It's been mostly forgotten about but I've had the task of giving it a
new lease of life.

The existing server has the following peers:
pgp.mit.edu
keys.keysigning.org
keys.riverwillow.net.au
keyserver.sparcs.net
keyserver.oeg.com.au

This request is to continue the use of the above, but if you admin one
of them and would like to suggest a removal or change please let me know
.

Additionally, we'd welcome other peers.

I've just finished building up a new install to be hosted on new gear.

The membership line should be:
pgp.net.nz 11370 # support@...

We are New Zealand's domain name registry service.

The server is physically located in Wellington, New Zealand.
The machine currently has no IPv6 connectivity, but will in the
following month.

I have loaded a keydump from http://keyserver.mattrude.com/dump/
dated 2015-04-14 and also loaded the existing keys from our previous
install (also dated 2015-04-14)

I see 3909479 keys loaded.

For operational issues, please contact me directly.

Thanks,
--

-- 
Mike Forbes
System Administrator

NZRS Ltd.
M +64 21 999 416
P +64 4 555 0125

PGP: A2BB DF0B 311C 3C8F E1D7  5EEB DA03 46C0 D68F BF2E

Hendrik Grewe | 11 Apr 12:05 2015
Picon

Re: sks.disunitedstates.com down and out

Hi!
As requested I have removed you from my membership file.
For informational purpouse:
I am running my sks on the tinyest VPS (parallels) from 1&1 it is a
special offer for students, is rate unlimited and costs 1€/year so very
very cheap (and powerless 2 gigs ram, 40 gigs discspace  1x2Ghz core).
The VPS currently serves a postfix/dovecot/amavis/spamassasin/roundcube
mailserver, LAMP stack + sks.

I did not have any issues with BerkleyDB / sks so far.
I think Berkley DB is wellsuited for use of a keyserver since it is
optimised for key/value pairs (to quote Wikipedia):
>BDB stores arbitrary key/data pairs as byte arrays, and supports
>multiple data items for a single key. Berkeley DB is not a relational
>database.

I don't think there will (ever?) be a swith from BDB to any relational
database, as those features are not needed.

Also what I have read about your tries to "recover" the database. I
think I have read in some FAQ that one should _not_ try to recover a
(somehow) corrupted sks database. Instead one should start (from
skratch) with some actual keydump.

But nevertheless thank you for your services within the SKS pool.

Hendrik

Am 11.04.2015 um 00:44 schrieb David Benfell:
> Hello all,
> 
> There are a few folks in my membership file for whom I do not have email
> addresses. This is mostly for them.
> 
> I have previously commented on the difficulty of keeping the sks
> database healthy. I just discovered my sks instance had been down for
> several days. I tried to recover and it crashed again.
> 
> I'm giving up.
> 
> When there is an sks that uses a reliable database system, I'll be happy
> to rejoin. But Berkeley DB is not sane in my environment, has never
> proven scalable in any environment I've had in the past, and I'm not
> messing with it any more.
> 
> 
> _______________________________________________
> Sks-devel mailing list
> Sks-devel@...
> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 

-- 
_____________________________________________________________________
Hendrik Grewe                            Hendrik.Grewe@...
Public PGP-Key                           http://mypgpkey.b4ckbone.org
PGP-Fingerprint     B8D6 0D8C F5A9 410A 8077 66AE CF08 65D2 0A09 6F7B

PGP-encrypted mails are welcome!
_____________________________________________________________________

Hi!
As requested I have removed you from my membership file.
For informational purpouse:
I am running my sks on the tinyest VPS (parallels) from 1&1 it is a
special offer for students, is rate unlimited and costs 1€/year so very
very cheap (and powerless 2 gigs ram, 40 gigs discspace  1x2Ghz core).
The VPS currently serves a postfix/dovecot/amavis/spamassasin/roundcube
mailserver, LAMP stack + sks.

I did not have any issues with BerkleyDB / sks so far.
I think Berkley DB is wellsuited for use of a keyserver since it is
optimised for key/value pairs (to quote Wikipedia):
>BDB stores arbitrary key/data pairs as byte arrays, and supports
>multiple data items for a single key. Berkeley DB is not a relational
>database.

I don't think there will (ever?) be a swith from BDB to any relational
database, as those features are not needed.

Also what I have read about your tries to "recover" the database. I
think I have read in some FAQ that one should _not_ try to recover a
(somehow) corrupted sks database. Instead one should start (from
skratch) with some actual keydump.

But nevertheless thank you for your services within the SKS pool.

Hendrik

Am 11.04.2015 um 00:44 schrieb David Benfell:
> Hello all,
> 
> There are a few folks in my membership file for whom I do not have email
> addresses. This is mostly for them.
> 
> I have previously commented on the difficulty of keeping the sks
> database healthy. I just discovered my sks instance had been down for
> several days. I tried to recover and it crashed again.
> 
> I'm giving up.
> 
> When there is an sks that uses a reliable database system, I'll be happy
> to rejoin. But Berkeley DB is not sane in my environment, has never
> proven scalable in any environment I've had in the past, and I'm not
> messing with it any more.
> 
> 
> _______________________________________________
> Sks-devel mailing list
> Sks-devel@...
> https://lists.nongnu.org/mailman/listinfo/sks-devel
> 

--

-- 
_____________________________________________________________________
Hendrik Grewe                            Hendrik.Grewe@...
Public PGP-Key                           http://mypgpkey.b4ckbone.org
PGP-Fingerprint     B8D6 0D8C F5A9 410A 8077 66AE CF08 65D2 0A09 6F7B

PGP-encrypted mails are welcome!
_____________________________________________________________________

Christian Felsing | 11 Apr 08:22 2015
Picon

Re: sks.disunitedstates.com down and out

Hello David,

as desired I removed your server from our membership file.

I am running SKS 1.1.5+ on CentOS6 (LXC container) and CentOS7 (KVM) for
a long time w/o problems. In the past I had similar problems, but
switching clocksource to tsc solved database problems. My current
installations are working with tsc (LXC) and kvm-clock (kvm)

You should give it a new try, may be it will work then.

An other SKS server admin found a problem if sks recon is running via
haproxy tcp: SKS consumes lot of memory and does no longer gossip keys
then while tcp service is still available. This can be exploited only,
if there is a membership entry to such a server.

If there is a documentation how recon works, I would consider to build a
new solution on Jetty with Hypersonic SQL or any other JDBC database.
BouncyCastle is able to analyze PGP keys. Java is considered to be more
spread than ocaml.

Christian

Am 11.04.2015 um 00:44 schrieb David Benfell:

> I have previously commented on the difficulty of keeping the sks
> database healthy. I just discovered my sks instance had been down for
> several days. I tried to recover and it crashed again.
> 
> I'm giving up.
> 
> When there is an sks that uses a reliable database system, I'll be happy
> to rejoin. But Berkeley DB is not sane in my environment, has never
> proven scalable in any environment I've had in the past, and I'm not
> messing with it any more.

Michael Sinatra | 11 Apr 01:10 2015
Picon

Re: sks.disunitedstates.com down and out

On 04/10/15 15:44, David Benfell wrote:

> I'm giving up.
> 
> When there is an sks that uses a reliable database system, I'll be happy
> to rejoin. But Berkeley DB is not sane in my environment, has never
> proven scalable in any environment I've had in the past, and I'm not
> messing with it any more.

I had terrible stability problems when trying to run an SKS server on a
VM platform (VMware ESXi 5.x).  Once I moved it to standalone hardware,
it has been rock solid.

Just a datum--not trying to talk you out of it...

michael

David Benfell | 11 Apr 00:44 2015

sks.disunitedstates.com down and out

Hello all,

There are a few folks in my membership file for whom I do not have  
email addresses. This is mostly for them.

I have previously commented on the difficulty of keeping the sks  
database healthy. I just discovered my sks instance had been down for  
several days. I tried to recover and it crashed again.

I'm giving up.

When there is an sks that uses a reliable database system, I'll be  
happy to rejoin. But Berkeley DB is not sane in my environment, has  
never proven scalable in any environment I've had in the past, and I'm  
not messing with it any more.
-- 
David Benfell <benfell@...>
Hello all,

There are a few folks in my membership file for whom I do not have  
email addresses. This is mostly for them.

I have previously commented on the difficulty of keeping the sks  
database healthy. I just discovered my sks instance had been down for  
several days. I tried to recover and it crashed again.

I'm giving up.

When there is an sks that uses a reliable database system, I'll be  
happy to rejoin. But Berkeley DB is not sane in my environment, has  
never proven scalable in any environment I've had in the past, and I'm  
not messing with it any more.
--

-- 
David Benfell <benfell@...>
Kiss Gabor (Bitman | 10 Apr 09:40 2015
Picon

Re: memory leak: solved

> I removed peering due to your mail this morning. If you want to try again, I
> can add your line to our membership file. Our config changed this morning, so
> things may changed

Eeerrrr... You are right. :-)
I just did not think you read my mail because I got no feedback
from you in the past months.

If you don't mind I do not force this peering for a while.
It suffers from some technical problem.

(Please keep list address in Cc.)

Gabor
--

-- 
A mug of beer, please. Shaken, not stirred.


Gmane