+We are pleased to announce the availability of a new stable SKS
+SKS is an OpenPGP keyserver whose goal is to provide easy to deploy,
+decentralized, and highly reliable synchronization. That means that a
+key submitted to one SKS server will quickly be distributed to all key
+servers, and even wildly out-of-date servers, or servers that experience
+spotty connectivity, can fully synchronize with rest of the system.
+ - Fix X-HKP-Results-Count so that limit=0 returns no results, but include
+ the header, to let a client poll for how many results exist, without
+ retrieving any. Submitted by Phil Pennock. See:
+ - Add UPGRADING document to explain upgrading Berkeley DB without
+ rebuilding. System bdb versions often change with new SKS releases
+ for .deb and .rpm distros.
+ - Cleanup build errors for bdb/bdb_stubs.c. Patch from Mike Doty
+ - Update cryptokit from version 1.0 to 1.5 without requiring OASIS
+ build system or other additional dependencies
+ - build, fastbuild, & pbuild fixed to ignore signals USR1 and USR2
+ - common.ml and reconSC.ml were using different values for minumimum
+ compatible version. This has been fixed.
+ - Added new server mime-types, and trying another default document (Issue 6)
+ In addition to the new MIME types added in 1.1., the server now
+ looks over a list and and serves the first index file that it finds
+ Current list: index.html, index.htm, index.xhtml, index.xhtm, index.xml.
+ - options=mr now works on get as well as (v)index operations. This is
+ described in http://tools.ietf.org/html/draft-shaw-openpgp-hkp-00
+ sections 220.127.116.11. and 5.1.
+ - Updated copyright notices in source files
+ - Added sksclient tool, similar to old pksclient
+ - Add no-cache instructions to HTTP response (in order for reverse proxies
+ not to cache the output from SKS)
+ - Use unique timestamps for keydb to reduce occurrances of Ptree corruption.
+ - Added Interface specifications (.mli files) for modules that were missing
+ - Yaron pruned some no longer needed source files from the tree.
+ - Improved the HTTP status and HTTP error codes returned for various
+ situations and added checks for more error conditions.
+ - Add a suffix to version (+) indicating non-release or development builds
+ - Add an option to specify the contact details of the server administrator
+ that shows in the status page of the server. The information is in the
+ form of an OpenPGP KeyID and set by server_contact: in sksconf
+ - Add a `sks version` command to provide information on the setup.
+ - Added configuration settings for the remaining database table files. If
+ no pagesize settings are in sksconf, SKS will use 2048 bytes for key
+ and 512 for ptree. The remainining files' pagesize will be set by BDB
+ based on the filesystem settings, typically this is 4096 bytes.
+ See sampleConfig/sksconf.typical for settings recommended by db_tuner.
+ - Makefile: Added distclean target. Dropped autogenerated file from VCS.
+ - Allow tuning BDB environment before creation in [fast]build and pbuild.
+ If DB_CONFIG exists in basedir, copy it to DB dir before DB creation.
+ Preference is given to DB_CONFIG.KDB and DB_CONFIG.PTree over DB_CONFIG.
+ - Add support for Elliptic Curve Public keys (ECDSA, ECDH)
+ - Add check if an upload is a revocation certificate, and if it is,
+ produce an error message tailored for this.
+Note when upgrading from earlier versions of SKS
+The default values for pagesize settings have changed. To continue
+using an existing DB without rebuilding, explicit settings have to be
+added to the sksconf file.
+SKS can be downloaded from
+There are a few prerequisites to building this code. You need:
+* ocaml-3.10.2 or later. Get it from <http://www.ocaml.org>
+ ocaml-3.12.x is recommended, ocaml-4.x is not recommended at this time
+* Berkeley DB version 4.6.* or later, whereby 4.8 or later is recommended.
+ You can find the appropriate versions at
+Verifying the integrity of the download
+Releases of SKS are signed using the SKS Keyserver Signing Key
+available on public keyservers with the KeyID
+and has a fingerprint of
+ C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A.
+Using GnuPG, verification can be accomplished by, first, retrieving the signing key using
+ gpg --keyserver pool.sks-keyservers.net --recv-key 0x41259773973A612A
+followed by verifying that you have the correct key
+ gpg --keyid-format long --fingerprint 0x41259773973A612A
+ pub 4096R/41259773973A612A 2012-06-27
+ Key fingerprint = C90E F143 0B3A C0DF D00E 6EA5 4125 9773 973A 612A
+A check should also be made that the key is signed by
+ gpg --list-sigs 0x41259773973A612A
+and the fingerprint should be verified through other trustworthy sources.
+Once you are certain that you have the correct key downloaded, you can create
+a local signature, in order to remember that you have verified the key.
+ gpg --lsign-key 0x41259773973A612A
+Finally; verifying the downloaded file can be done using
+ gpg --keyid-format long --verify sks-x.y.z.tgz.asc
+The resulting output should be similar to
+ gpg: Signature made Wed Jun 27 12:52:39 2012 CEST
+ gpg: using RSA key 41259773973A612A
+ gpg: Good signature from "SKS Keyserver Signing Key"
+We have to thank all the people who helped with this release, by discussions on
+the mailing list, submitting patches, or opening issues for items that needed
+ The SKS Team (Yaron, John, Kristian, Phil, and the other contributors)