[BUG] pgp.mit.edu is no longer active

[johnnybubonic]

Description
Any gpg. modules that call to a keyserver, unless one is explicitly specified, will fail.

This is because SKS, the keyserver cluster that was commonly in use (and the cluster that the current default keyserver, pgp.mit.edu, was a part of), has been completely obsoleted and decommissioned. Has been for about 2 years now.

Recently, pgp.mit.edu finally decommissioned as well (which was for the best; it wasn't receiving new peered keys anyways).

There are two alternatives, however, currently in wide usage:

• https://keys.openpgp.org/
• https://keyserver.ubuntu.com/

OpenPGP's keyserver runs Hagrid. It offers email validation (and hides email addresses on key UIDs/makes email searching impossible until they are validated, with the option to hide email addresses post-validation but still make searchable. I believe it strips all other UID info e.g. photos).

Ubuntu/Canonical's keyserver runs Hockeypuck, which essentially is a complete rewrite of SKS.

This said, I recommend using OpenPGP's keyserver as it's the compiled-in default now (from what I recall) and replacing all instances of pgp.mit.edu with keys.openpgp.org:

• https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L219
• https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L238
• https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L884
• https://github.com/saltstack/salt/blob/master/salt/modules/gpg.py#L914
• https://github.com/saltstack/salt/blob/master/salt/modules/dockermod.py#L1719
• https://github.com/saltstack/salt/blob/master/doc/man/salt.7 (lines 164633, 187294, 187335)

(It may make sense to set the default keyserver as a dundered module-scoped "constant", e.g. _default_keyserver = 'keys.openpgp.org' in salt/modules/gpg.py.)

[garethgreenaway]

Fixed by #63952. If the issue persists please open a new issue.