# Do SKS Keyserver Attacks Affect FreeBSD?



## gladiola (Jun 30, 2019)

I saw this Githib Gist about a poisoning attack on a keyserver that was causing some problems with OpenPGP.  I noticed one person pointed out that Linux distros are verified with keys that may be later confounded because of this attack.  How about FreeBSD? When we download patches and use freebsd-update, are we relying on this same OpenPGP keyserver infrastructure?









						SKS Keyserver Network Under Attack
					

SKS Keyserver Network Under Attack. GitHub Gist: instantly share code, notes, and snippets.




					gist.github.com


----------



## SirDice (Jul 1, 2019)

gladiola said:


> When we download patches and use freebsd-update, are we relying on this same OpenPGP keyserver infrastructure?


Not that I'm aware of.


----------



## Phishfry (Jul 1, 2019)

Reading about that whole controversy left me really shaking my head about a security application.
security/gnupg is in ports so it might affect ports that use it but it is not used in the base system.
KDE seems to pull it in.


----------

