|
| From: | Tim Ruehsen |
| Subject: | [Savannah-hackers-public] [task #15140] Automatically updating GPG keys when expired |
| Date: | Thu, 3 Jan 2019 04:13:45 -0500 (EST) |
| User-agent: | Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0 |
URL:
<https://savannah.gnu.org/task/?15140>
Summary: Automatically updating GPG keys when expired
Project: Savannah Administration
Submitted by: rockdaboot
Submitted on: Thu 03 Jan 2019 10:13:43 AM CET
Should Start On: Thu 03 Jan 2019 12:00:00 AM CET
Should be Finished on: Thu 03 Jan 2019 12:00:00 AM CET
Category: None
Priority: 5 - Normal
Status: None
Privacy: Public
Percent Complete: 0%
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Effort: 0.00
_______________________________________________________
Details:
Manually refreshing/updating one's GPG key at Savannah is a manual process and
easily forgotten.
I wonder if there is any security impact to automatically fetch expired GPG
keys from a public keyserver. Given that the key itself didn't change and
isn't revoked.
E.g. my GPG key expires every 2 years. Shortly before it does I refresh the
expire time and upload the key to the keyserver infrastructure. It is tedious
to remember all the sites that need a manual update as well (like Savannah).
It took a bug report against GNU Wget to update my key today - it was expired
since 2016 !
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/task/?15140>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |