David Prévot dijo [Wed, Sep 23, 2020 at 10:49:33AM -0400]: > > And we would have everything in place to notify people whose key is > > to expire soon. > > Wonderful, thank you for working into making (part of) our lives easier!
:-] I will add this, but not to this script (thinking during breakfast... The script I modified is part of our test suite, and it'd be wrong to mark soon-to-expire keys as failing). But I think I will modify in this same way the mail_expired script - making it not consume from the no-expired test, but asking directly from gpg. I also just (!) took notice of this bug report and its history; although we informally discussed this a long time ago, I'd like to give _my_ answer to Jonathan's questions¹. Note that they are _my_ take on that, just as ⅓ of the relevant team (where Jonathan is another ⅓). ¹ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892058#10 - What email to notify from? I think it can be keyring-maint@d.o. Why not? It's not going to be so massive, and if we get bounces... Well, they will not be hundreds of them. - Which mail to notify? I think just the @debian.org address should suffice. Yes, we know of some DDs that disable this address, but I don't think they are significative enough for us to even notice. - How often? I often do a mail every time I push out a keyring (which is, approximately, one out of three months). I think we could do this run on a monthly basis, notifying people that are to expire in two or three months time. - Why is it keyring-maint's responsibility? It is not, but it is a service we can perform, much like any other person can. It just happens that we have all of the data in our hands. - How long to care for long expired keys? I often mail everybody with an expired key, but it'd be quite easy to have some different mails -- Could be along the lines of "Key about to expire, please act now" (-2 to 0 months), "Key recently expired" (0 to 3 months), "Do note your key has expired" (3 to 12 months), "Key long expired" (12 to 24 months), and... "Radio silence, please call in MIA".
signature.asc
Description: PGP signature