Hi Paul!

Paul Garlick 写道：
> After renewing the expiration time of one's gpg key, and 
> uploading the
> updated key to Savannah, is it also necessary to update the
> corresponding file in the keyring branch?

No.

> I notice from the log that, so far, none of the original files 
> have
> been updated.  Does this mean that the original validation is 
> accepted
> for new commits signed with an updated key?

Yes.

The expiry date is not embedded in your cryptographic key, merely 
attached to it as a signed ‘packet’.

Of course, OpenPGP has a reputation to maintain as the most 
confusing software on earth, so all these packets are stored 
together with your cryptographic key(s) in a single file that 
everyone calls your... ‘key’.

Anyway: Guix ignores expiry dates by design.  It merely verifies 
that each commit was signed with an authorised key.

Kind regards,

T G-R