Looks like this subject is not over, I can’t be verified either.
It looks like pool.sks-keyservers.net is just not valid any more, the domain name does not even resolve:
$ host pool.sks-keyservers.net 1.1.1.1
Using domain server:
Name: 1.1.1.1
Address: 1.1.1.1#53
Aliases:
Host pool.sks-keyservers.net not found: 3(NXDOMAIN)
gpg’s error message on this is quite surprising:
$ gpg --keyserver hkp://pool.sks-keyservers.net --recv-keys 74AF05DDD92027F5F0C3CDD50D85F29625A3F9FD
gpg: keyserver receive failed: No name
In fact the cert on https://sks-keyservers.net/ expired 3 months ago; it looks like we should find an alternative keyserver.
The check-git-signature script has a fallback to keys.openpgp.org, but receiving from that one just does not work well (despite exit(0) on gpg side):
$ gpg --keyring $(mktemp) --no-default-keyring --keyserver hkps://keys.openpgp.org --recv-key 74AF05DDD92027F5F0C3CDD50D85F29625A3F9FD
gpg: key 0D85F29625A3F9FD: new key but contains no user ID - skipped
gpg: Total number processed: 1
gpg: w/o user IDs: 1
gnupg - gpg: can't import key: "new key but contains no user ID - skipped" - Super User teaches that openpgp.org strips userids, and it does not look like the gpg versions in debian-10 or fedora-32 will provide an option to recv those keys. And hints about hkps://keyserver.ubuntu.com, which does work AFAICT.
Am I alone in finding all those small facts about pgp/gpg quite scary?
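An added example, not part of the original post and not the check-git-signature script: a keyserver fallback that ignores gpg's exit status and instead checks that the fetched key really carries a user ID. The function names, the sample listings and the user ID in them are constructed for illustration; the fingerprint and keyserver URLs are the ones quoted above.

```shell
#!/bin/sh
# key_usable FPR: read `gpg --with-colons --list-keys` output on stdin and
# succeed only if the primary key with fingerprint FPR carries a user ID.
key_usable() {
    awk -F: -v want="$1" '
        $1 == "pub"                    { primary = ""; expect = 1 }
        $1 == "fpr" && expect          { primary = $10; expect = 0 }
        $1 == "uid" && primary == want { ok = 1 }
        END { exit !ok }'
}

# fetch_key FPR KEYSERVER...: try each keyserver in a throwaway GnuPG home and
# print the armored key from the first one that yields a usable key.
fetch_key() {
    want_fpr=$1; shift
    home=$(mktemp -d) || return 1
    rc=1
    for ks in "$@"; do
        # Exit status is ignored on purpose: it can be 0 for a skipped key.
        gpg --homedir "$home" --batch --keyserver "$ks" \
            --recv-keys "$want_fpr" >/dev/null 2>&1
        if gpg --homedir "$home" --batch --with-colons --list-keys "$want_fpr" \
               2>/dev/null | key_usable "$want_fpr"; then
            echo "usable key from $ks" >&2
            gpg --homedir "$home" --batch --armor --export "$want_fpr"
            rc=0; break
        fi
    done
    rm -rf "$home"
    return $rc
}

# Constructed colon listings (not real keyring output): one key with a user ID,
# one stripped of user IDs as a keyserver that withholds them would return it.
SAMPLE_WITH_UID='pub:-:4096:1:0D85F29625A3F9FD:1500000000:::-:::scESC:
fpr:::::::::74AF05DDD92027F5F0C3CDD50D85F29625A3F9FD:
uid:-::::1500000000::::Example User <user@example.org>:'
SAMPLE_NO_UID='pub:-:4096:1:0D85F29625A3F9FD:1500000000:::-:::scESC:
fpr:::::::::74AF05DDD92027F5F0C3CDD50D85F29625A3F9FD:'

# Usage (needs network access):
#   fetch_key 74AF05DDD92027F5F0C3CDD50D85F29625A3F9FD \
#       hkps://keys.openpgp.org hkps://keyserver.ubuntu.com > key.asc
```

Listing by full fingerprint and requiring a `uid` record also covers gpg builds that import a key without user IDs instead of skipping it.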