Re: Expired GPG keys of older release
- Date: Sat, 23 Jun 2018 10:42:44 +0200
- From: john doe <johndoe65534@xxxxxxxx>
- Subject: Re: Expired GPG keys of older release
On 6/23/2018 8:58 AM, tomas@xxxxxxxxxx wrote:
On Fri, Jun 22, 2018 at 11:48:00PM -0500, David Wright wrote:
On Fri 22 Jun 2018 at 21:12:51 (+0200), tomas@xxxxxxxxxx wrote:
Well, I attempted to supply that in
but I have no idea whether that would be achievable in docker
or not because the suggestion has had no follow-up.
I'm not the docker guy, and there are lots of "interesting" things
around, so I won't be the one. But I'm curious too...
BTW Reading your "Keys *have* to expire at some point, and you can't
re-sign archived packages with a fresh key", it's not clear why the
expired key can't be unexpired, i.e. given an expiration date in the
future, if it's known to be still good.
Yes, you're right: a GPG key's validity can be extended with a new
certificate (whether it's responsible to do so is another thing, since
available computing power grows, *and* there has been more time to
hack at this key, its crypto, and for things to leak). So, practically
speaking, keys still have to expire at some point.
Or maybe key transitioning could be an option: