GPG ignoresthat a key is expired
On Mon, 19 Feb 2001, Zed Pobre wrote:
> Just wait, I expect, but I wouldn't worry about looking for
> sponsors, since uploads from expired keys aren't rejected. The key I
> use for uploading expired some months ago, and although my new key
> still hasn't been put in the keyring, I'm not having any problems
> uploading.
>...
<-- snip -->
$ gpg --verify mtools_3.9.7+20001213-2_i386.changes
gpg: Signature made Sun Jan 14 19:35:31 2001 CET using DSA key ID 6A40C91E
gpg: Good signature from "Adrian Bunk <bunk@fs.tum.de>"
gpg: aka "Adrian Bunk <bunk@debian.org>"
$ gpg --list-keys 6A40C91E
pub 1024D/6A40C91E 2000-08-20 Adrian Bunk <bunk@fs.tum.de>
uid Adrian Bunk <bunk@debian.org>
sub 2048g/66774AB6 2000-08-20 [expires: 2001-02-16]
$ date
Tue Feb 20 15:24:03 CET 2001
$
<-- snip -->
Can anyone explain why gpg ignores that a key is expired? I consider this
a big security hole!
cu
Adrian
--
Nicht weil die Dinge schwierig sind wagen wir sie nicht,
sondern weil wir sie nicht wagen sind sie schwierig.
Reply to: