sks-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sks-devel] One Way replication (for test environments)

From: Hendrik Visage
Subject: Re: [Sks-devel] One Way replication (for test environments)
Date: Mon, 18 Jun 2018 12:11:17 +0200
Well, the idea would be for these “researchers” to play with, and at least have something “newish” where I have some ingress point that propagates to some others, 

On 17 Jun 2018, at 14:59 , Andrew Gallagher <address@hidden> wrote:

You can’t do it using recon, because any additions to the test server will cause the key delta to diverge and recon will eventually fail.

Do you mean that the recon *needs* a similar from the destination? I don’t really care about it failing, it’ll then be a re-spin as you said below, but for example, the idea might be to inject problem keys into the tet environment, and the test environment’s problem keys not to “infest” the current public SKS keyservers.

The easiest way might be a docker image that pulls the latest dump from one of the public dump sources and spins up a fresh SKS instance from it. Then if you want to update the key database, you just redeploy the docker image.

The type of troubles we saw, I read as something that was caused as the updates was being recon’s between servers, after the problem keys was already injected, thus the idea would be multiple servers to test against, having some ingres feeeds from the public servers, but no egress to the public side. Might be good for others to test there “test certs/keys” against before actual publication??

---
Hendrik Visage


Attachment: signature.asc
Description: Message signed with OpenPGP

reply via email to
[Prev in Thread] Current Thread [Next in Thread]