URL:
  <https://savannah.gnu.org/task/?15140>

                 Summary: Automatically updating GPG keys when expired
                 Project: Savannah Administration
            Submitted by: rockdaboot
            Submitted on: Thu 03 Jan 2019 10:13:43 AM CET
         Should Start On: Thu 03 Jan 2019 12:00:00 AM CET
   Should be Finished on: Thu 03 Jan 2019 12:00:00 AM CET
                Category: None
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
        Percent Complete: 0%
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                  Effort: 0.00

    _______________________________________________________

Details:

Manually refreshing/updating one's GPG key at Savannah is a manual process and
easily forgotten.
I wonder if there is any security impact in automatically fetching expired GPG
keys from a public keyserver, given that the key itself didn't change and
isn't revoked.

E.g. my GPG key expires every 2 years. Shortly before it does I refresh the
expire time and upload the key to the keyserver infrastructure. It is tedious
to remember all the sites that need a manual update as well (like Savannah).
It took a bug report against GNU Wget to update my key today - it had been
expired since 2016!

    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/task/?15140>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

