Re: many builds missing for krb5-appl & opensaml2 in stable-security
Hi Kurt,
Op zondag 25 september 2011 17:48:46 schreef Kurt Roeckx:
> On Sun, Sep 25, 2011 at 01:35:46PM +0200, Kurt Roeckx wrote:
> > I also don't understand why they get rejected once the key
> > expired. The signatures are from before the key expired and
> > perfectly valid.
>
> I should probably clarify this. Of course you can't trust that
> the signature wasn't made after the key expired.
Why do these keys expire so quickly? Can't we have a really large window, say
a year, in which the key stays valid after the date it was last in use?
> But we really should have a process so that once it's accepted it
> stays accepted, even when it moves to an other host.
How do you propose we solve this concrete issue?
Thijs
Reply to: