[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Check your signing key expiration dates!

On Mon, 8 Jul 2019 10:03:36 +0300
Andrei POPESCU <andreimpopescu@gmail.com> wrote:

Hello Andrei,

>B7A15F455B287F384174D5E9E5EC4AC9BD627B05 (Donald Norwood's key used to 
>sign the release announcement). 

Probably only need the last eight chars of that fingerprint.  Of course,
with cut 'n' paste, it matters little.

>gpg did download it, but insisted there are no changes. Maybe the 

Just updated it here, and there were changes, 16 signatures cleaned, but
nothing other than that.  However, I know the last key refresh I did was
a few months ago.  With the DoS attack, I'm not likely to be refreshing
keys wholesale any more, even with "keyserver-options import-clean" in
my gpg.conf.  I know I have a copy of at least one key that, should I
refresh it carelessly, will do my GPG set up no favours.

>updated key was not published on SKS servers?

Yes, but also it depends on when you previously refreshed that key (no
update needed) and whether any changes have propagated to all servers in
the SKS pool.  If changes haven't been fully propagated, there's a (slim,
I imagine) chance that you connect to a server with the outdated key.

 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
I can't do a thing 'cause I can't relax
Independence Day - Comsat Angels

Attachment: pgp_rJ2t4jHvG.pgp
Description: OpenPGP digital signature

Reply to: