We should set up WKD for our OpenPGP public keys. This aids discovarability and authentication of the keys and is effectively a federated alternative to keyservers.
The easy way is to publish the keys to keys.openpgp.org (which we need to do anyway) and delegate to them via a DNS record like this:
openpgpkey.forgejo.org. 300 IN CNAME wkd.keys.openpgp.org.
The alternative is to self-host the keys on our own domain at the .well-known/openpgpkey/hu/ path. It is complicated to calculate the required filenames but there are generators.
We should set up [WKD](https://wiki.gnupg.org/WKD) for our OpenPGP public keys. This aids discovarability and authentication of the keys and is effectively a federated alternative to keyservers.
The easy way is to publish the keys to [keys.openpgp.org](https://keys.openpgp.org) (which we need to do anyway) and [delegate to them](https://keys.openpgp.org/about/usage#wkd-as-a-service) via a DNS record like this:
```
openpgpkey.forgejo.org. 300 IN CNAME wkd.keys.openpgp.org.
```
The alternative is to [self-host](https://wiki.gnupg.org/WKDHosting) the keys on our own domain at the `.well-known/openpgpkey/hu/` path. [It is complicated to calculate the required filenames](https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service#section-3.1) but [there are generators](https://keyoxide.org/util/wkd).