Merge bitcoin#23466: doc: Suggest keys.openpgp.org as keyserver in SECURITY.md

fanquake · fanquake · commit c702d1fefddc · 2021-11-09T06:40:53.000+08:00
90f1f84 doc: Suggest `keys.openpgp.org` as keyserver in SECURITY.md (Tim Ruffing) Pull request description: `--recv-keys` without a `--keyserver` arg simply failed for me on a fresh Arch Linux installation, so I think it's a good idea to suggest a keyserver. OpenPGP ecosystem is broken in a number of ways, so the right way to approach this issue has some potential for bikeshedding. But the only thing that this PR does is to keep `SECURITY.md` in line with the instructions for builder keys, where there was agreement on switching to `keys.openpgp.org` (bitcoin#22688). ACKs for top commit: MarcoFalke: review ACK 90f1f84 laanwj: Review ACK 90f1f84 hebasto: ACK 90f1f84, agree with arguments above. Zero-1729: ACK 90f1f84 Tree-SHA512: 1ab20c837cd952aa32b57473772cbfd33411a08db6e88b951bce38f76a3c509c0e91d6944ec0ca5eac8d5eb4d98a5489276d55691328f2e2556b2640f8e7c108
diff --git a/SECURITY.md b/SECURITY.md
@@ -17,4 +17,4 @@ The following keys may be used to communicate sensitive information to developer
 | Pieter Wuille | 133E AC17 9436 F14A 5CF1  B794 860F EB80 4E66 9320 |
 | Michael Ford | E777 299F C265 DD04 7930  70EB 944D 35F9 AC3D B76A |
 
-You can import a key by running the following command with that individual’s fingerprint: `gpg --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.
+You can import a key by running the following command with that individual’s fingerprint: `gpg --keyserver hkps://keys.openpgp.org --recv-keys "<fingerprint>"` Ensure that you put quotes around fingerprints containing spaces.
