On Jul 18, 2013, at 8:41 AM, Martin Desruisseaux <[email protected]> wrote:
> Hello Suresh > > > Le 18/07/13 14:36, Suresh Marru a écrit : >> If there are no objections, I will create a >> https://svn.apache.org/repos/asf/sis/sandbox/gsoc2013 and have Nadeem submit >> patches to this repo. > > Cool, thanks :-). On my side I had a look at the Shapefile new code and will > post some proposals later. In the main time, I'm trying to find my way in the > Apache release instructions, especially regarding PGP keys... I may post some > questions later. Yes, I will be happy to help if I can. My only constraints are I am traveling from July 21st to 26th, but otherwise available to assist with the release. > > Well, one question I have right now: if we create a key with limited validity > time (e.g. 5 years), does anyone know what happen to softwares signed with > that key after the validity time expired? A good question. A key certainly can be renewed and extended the expiry time. But I never thought of this and makes me wonder. As you can read here - http://www.gnupg.org/gph/en/manual.html#AEN329 the key expiry is associated with the key's self sign. So I am not sure how will the integrity be preserved. I am sure there will be a way and ASF has experts who can answer this question. But to start with, I would not worry about it but will poke around at leisure. Suresh > > Martin >
