all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed
* gpg key expiration time
@ 2021-03-15 16:20 Paul Garlick
  2021-03-15 17:24 ` Tobias Geerinckx-Rice
  0 siblings, 1 reply; 3+ messages in thread
From: Paul Garlick @ 2021-03-15 16:20 UTC (permalink / raw)
  To: guix-devel

[-- Attachment #1: Type: text/plain, Size: 393 bytes --]

Hi Guix,

After renewing the expiration time of one's gpg key, and uploading the
updated key to Savannah, is it also necessary to update the
corresponding file in the keyring branch?

I notice from the log that, so far, none of the original files have
been updated.  Does this mean that the original validation is accepted
for new commits signed with an updated key?

Best regards,

Paul.





[-- Attachment #2: Type: text/html, Size: 728 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: gpg key expiration time
  2021-03-15 16:20 gpg key expiration time Paul Garlick
@ 2021-03-15 17:24 ` Tobias Geerinckx-Rice
  2021-03-15 22:23   ` Paul Garlick
  0 siblings, 1 reply; 3+ messages in thread
From: Tobias Geerinckx-Rice @ 2021-03-15 17:24 UTC (permalink / raw)
  To: Paul Garlick; +Cc: guix-devel

[-- Attachment #1: Type: text/plain, Size: 925 bytes --]

Hi Paul!

Paul Garlick 写道:
> After renewing the expiration time of one's gpg key, and 
> uploading the
> updated key to Savannah, is it also necessary to update the
> corresponding file in the keyring branch?

No.

> I notice from the log that, so far, none of the original files 
> have
> been updated.  Does this mean that the original validation is 
> accepted
> for new commits signed with an updated key?

Yes.

The expiry date is not embedded in your cryptographic key, merely 
attached to it as a signed ‘packet’.

Of course, OpenPGP has a reputation to maintain as the most 
confusing software on earth, so all these packets are stored 
together with your cryptographic key(s) in a single file that 
everyone calls your... ‘key’.

Anyway: Guix ignores expiry dates by design.  It merely verifies 
that each commit was signed with an authorised key.

Kind regards,

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 247 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: gpg key expiration time
  2021-03-15 17:24 ` Tobias Geerinckx-Rice
@ 2021-03-15 22:23   ` Paul Garlick
  0 siblings, 0 replies; 3+ messages in thread
From: Paul Garlick @ 2021-03-15 22:23 UTC (permalink / raw)
  To: Tobias Geerinckx-Rice; +Cc: guix-devel

Hi Tobias,

On Mon, 2021-03-15 at 18:24 +0100, Tobias Geerinckx-Rice wrote:

> The expiry date is not embedded in your cryptographic key, merely 
> attached to it as a signed ‘packet’.

Thanks. Got it!

Best regards,

Paul.



^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-03-15 22:23 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-03-15 16:20 gpg key expiration time Paul Garlick
2021-03-15 17:24 ` Tobias Geerinckx-Rice
2021-03-15 22:23   ` Paul Garlick

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.