This sounds reasonable, and I agree that it is probably overdue. It might even be conceivable to go one step further and review all keys in the keyring that have no expiry date. looking through the keyring I see a number of candidates that will probably not contribute again.
I'll whip up a script to try and find out what packages are signed by those keys. -A On Jun 15 24, bill-auger wrote: > my GPG key is due to expire; so i need to rebuild the keyring package this > week > - i just ran the tool i made that reports the status of the keys in the > keyring, and noticed that a newly expired key appeared on the error list; > which reminded me that a clean-up is overdue - all of those keys are for team > members who have been inactive for several years; so i plan to remove those > keys from the keyring this time > > there should be no consequence of this for users - expired keys are harmless > anyways - this is only a matter of tidiness > > gaming4jc is the only one who may still have signed packages in the repos - > there is a ticket about that; because he voluntarily notified us that he would > no longer be contributing: https://labs.parabola.nu/issues/2405 - we rebuilt > most of those a few years back - any remaining ones are probably all in PCR; > and unnoticed because no one has complained about them - clearly, no one wants > to use those anymore; so it is probably best to evict those packages rather > than > to maintain them - i may tend to that next and close that ticket > > > == ExpiredKeys == > > jorginho: > 8C3F8ABD30DF2AFAC6C039A45906AB5E9AAD00E5=2019-01-10 > xihh: > 0EF5D686FC13831A54874C275FC681B4822DABB0=2017-10-04 > gaming4jc: > CB6E213A349B8DF9E96B622AC3F4FFCF3EAE8697=2019-07-10 > shackra: > 1285E187FDE4EF93444F75F9A3CDCDE939A264EE=2022-10-02 > fauno: > 49F707A1CB366C580E625B3C456032D717A4CD9C=2023-06-15 > _______________________________________________ > Dev mailing list > [email protected] > https://lists.parabola.nu/mailman/listinfo/dev -- ------------------------------------------------------------------------------ my GPG Public Key: https://files.grapentin.org/.gpg/public.key ------------------------------------------------------------------------------
signature.asc
Description: PGP signature
_______________________________________________ Dev mailing list [email protected] https://lists.parabola.nu/mailman/listinfo/dev
