On Thu, May 5, 2011 at 4:10 PM, Doug Barton <do...@dougbarton.us> wrote: > On 05/04/2011 23:52, Andreas Heinlein wrote: >> >> We have a OpenPGP key which we use for signing our software releases. >> That key should be changed yearly and carry an expiration date to >> enforce this change. > > What are you trying to accomplish by doing it this way? I've yet to see a > good rationale for setting expiration dates on keys, but perhaps you can be > the first. :) I would guess that Andreas is practicing Key Management (http://www.cacr.math.uwaterloo.ca/hac/about/chap13.pdf). I've also seen similar arise in compliance and auditing.
Jeff _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users