[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

GPG ignoresthat a key is expired

On Mon, 19 Feb 2001, Zed Pobre wrote:

>     Just wait, I expect, but I wouldn't worry about looking for
> sponsors, since uploads from expired keys aren't rejected.  The key I
> use for uploading expired some months ago, and although my new key
> still hasn't been put in the keyring, I'm not having any problems
> uploading.

<--  snip  -->

$ gpg --verify  mtools_3.9.7+20001213-2_i386.changes
gpg: Signature made Sun Jan 14 19:35:31 2001 CET using DSA key ID 6A40C91E
gpg: Good signature from "Adrian Bunk <bunk@fs.tum.de>"
gpg:                 aka "Adrian Bunk <bunk@debian.org>"
$ gpg --list-keys 6A40C91E
pub  1024D/6A40C91E 2000-08-20 Adrian Bunk <bunk@fs.tum.de>
uid                            Adrian Bunk <bunk@debian.org>
sub  2048g/66774AB6 2000-08-20 [expires: 2001-02-16]

$ date
Tue Feb 20 15:24:03 CET 2001

<--  snip  -->

Can anyone explain why gpg ignores that a key is expired? I consider this
a big security hole!



Nicht weil die Dinge schwierig sind wagen wir sie nicht,
sondern weil wir sie nicht wagen sind sie schwierig.

Reply to: