[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Failing GPG key

Mathias Behrle <mbehrle@debian.org> writes:

> I have set up an expiry on my GPG key:
> - originally set to 2019-04-07
> - updated on 2019-04-08 to 2021-04-06 and pushed to various keyservers
>   including keyring.debian.org.

All discussion of the right way to handle keyring updates for a vote
aside, this is a good reminder that one of the drawbacks of setting key
expirations is that bumping the expiration date (or adding a new subkey)
is a bit more involved than it may appear and takes a while to propagate.

I bump the expiration date or generate a new subkey six months before the
current one will expire, and immediately push the new one to both the
general keyserver network and to keyring.debian.org.  Since I started
doing that, I've not had any problems; before that, I would occasionally
have trouble uploading to the backports archive or other issues due to
slower keyring updates.  Unless you have a specific application in mind
for a faster key expiration, I can recommend that practice as one that
seems to avoid issues.

(This is not to imply in any way that this is your fault.  I found this
aspect of things quite unintuitive myself.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: