Re: Failing GPG key
Mathias Behrle <mbehrle@debian.org> writes:
> I have set up an expiry on my GPG key:
> - originally set to 2019-04-07
> - updated on 2019-04-08 to 2021-04-06 and pushed to various keyservers
> including keyring.debian.org.
All discussion of the right way to handle keyring updates for a vote
aside, this is a good reminder that one of the drawbacks of setting key
expirations is that bumping the expiration date (or adding a new subkey)
is a bit more involved than it may appear and takes a while to propagate.
I bump the expiration date or generate a new subkey six months before the
current one will expire, and immediately push the new one to both the
general keyserver network and to keyring.debian.org. Since I started
doing that, I've not had any problems; before that, I would occasionally
have trouble uploading to the backports archive or other issues due to
slower keyring updates. Unless you have a specific application in mind
for a faster key expiration, I can recommend that practice as one that
seems to avoid issues.
(This is not to imply in any way that this is your fault. I found this
aspect of things quite unintuitive myself.)
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: