On Mon, Jul 01, 2019 at 06:41:41PM +0200, Werner Koch via Gnupg-users wrote:
On Mon, 1 Jul 2019 10:27, konstan...@linuxfoundation.org said:
- subkey changes
An expired key triggers a reload of the key via WKD or DANE. Modulo the
problems I mentioned in the former mail. For new subkeys we have a
problem unless we do a regular refresh similar to what should be done
for revocations.
Most subkey changes that I am aware of are not due to people's old
subkeys expiring, but because they add new ones for reasons like
migrating between smartcard solutions or just being nerdy and picking a
new ECC-based subkey.
When this happens, a maintainer who tries to verify a signed pull
request will have the operation fail, so they need to have a way to
force-refresh the developer's key. I would say this is the #1 workflow
scenario that I need to fix if we can't rely on the SKS network any
more.
-K
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users