PGP's SKS infrastructure "was written in an obscure language by a PhD student for his thesis. And because of that, there is literally no one in the keyserver community who feels qualified to do a serious overhaul on the codebase" https://www.vice.com/en_us/article/8xzj45/someone-is-spamming-and-breaking-a-core-component-of-pgps-ecosystem
wait what's the language though?
@volt4ire from an end-user standpoint, do we know what workflows this could impact?
Enigmail, sure (fix: disable SKS integration). OS updates, probably not (typically repo pubkeys are cached in /etc by the installer). Developers verifying signed commits, probably (for what minority of commits are signed, much less verified).
A resilient PKI is obviously important, I just don't have a good sense of the systemic risk posed by DoS via SKS.