To conclude, neither revocation or expiry is particularly meaningful in the rpm
context, only a very limited subset of OpenPGP spec is relevant to rpm.
Revoking has been discussed at length here already, and while expiry is far
simpler on the outset, tick of the clock will not remove expired software from
the system so checking for it at the door would only make things weirder,
*security* would not be improved in the slightest.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/1598#issuecomment-919811790
_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint