From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp1 ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id YMTyM6GaT2CPQAAA0tVLHw (envelope-from ) for ; Mon, 15 Mar 2021 17:34:25 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp1 with LMTPS id uG2gL6GaT2BtVgAAbx9fmQ (envelope-from ) for ; Mon, 15 Mar 2021 17:34:25 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 3397C8F4D for ; Mon, 15 Mar 2021 18:34:23 +0100 (CET) Received: from localhost ([::1]:53078 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lLr6j-0006pd-W2 for larch@yhetil.org; Mon, 15 Mar 2021 13:34:22 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:48430) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLqwk-0008D1-PC for guix-devel@gnu.org; Mon, 15 Mar 2021 13:24:02 -0400 Received: from tobias.gr ([2a02:c205:2020:6054::1]:46174) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lLqwi-00011y-Ds for guix-devel@gnu.org; Mon, 15 Mar 2021 13:24:02 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tobias.gr; s=2018; bh=Wta99vZ+RAyrDOdmEYI7aR90KFwYoHsLfRRiCs7/q0A=; h=date:in-reply-to: references:subject:cc:to:from; b=bmJ7/D4nnJ9/kf6w7xAYAtpAd9NOxfsa0GGJi vjZLzsYnTy9qluiegL7a2vwpl8lSNJb8NiaXZRcMaQXAJMlmsBP7usAMDgj1O8eNvk4woY +Tmd/hzoQje73aC6OVZWaT8qAWz7RY1QhFv3aCdpJOrrP/zxvxUidmdRnfmpz4gp+UmHSX dEtXia/SlXNcLZYDcpLpJ09zO5xq7QPcoNFkoyzhfz3yNa70NpQF5wR6fbASTdDYdO0SM1 1PIoHRVREJyOEVTcMab/3X15/AGKoDAjSBIY67vQVRGc6OFRuERd/z/LU0ieQEcMd2M9dh 5p1TvJMgubR88B9W+m0B/21qg== Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 164ed7d6 (TLSv1.2:ECDHE-ECDSA-AES256-GCM-SHA384:256:NO); Mon, 15 Mar 2021 17:24:57 +0000 (UTC) BIMI-Selector: v=BIMI1; s=default; From: Tobias Geerinckx-Rice To: Paul Garlick Cc: guix-devel@gnu.org Subject: Re: gpg key expiration time References: <301dd8d4b2256cdfeb78d444fc9448c4c70230b8.camel@tourbillion-technology.com> In-reply-to: <301dd8d4b2256cdfeb78d444fc9448c4c70230b8.camel@tourbillion-technology.com> Date: Mon, 15 Mar 2021 18:24:10 +0100 Message-ID: <87a6r4nxdx.fsf@nckx> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@tobias.gr; helo=tobias.gr X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1615829663; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=Wta99vZ+RAyrDOdmEYI7aR90KFwYoHsLfRRiCs7/q0A=; b=jjrHT/7ETMagsU0deYqD/i+wi4AV3KqSvZEHNw4EA+ByYrf+vrDt/rjEOj6hADqPL05AxA 2t2O1uuK6VIQKgVcKbjxLn6GrftGPfYeB6yQzdVXTWqwXkEnwMpZCRoRXdxISwGBn2Wq+c 1wNW3ltLGT55ERQnZu+bfhiXgZLN/B/3BaHdE5a+wiOUDNNNvQV2aU6F3Qzasry0ukpgTL eMubDchDYbIgzfa3dXoLnP4Q9TxHK0gNHYpyRA4P73p2coL9xpOO6wEGc3Tb4JtLi304H7 6n08FkJLEkUBf5v3PNjtdrTgO3QT7ICnnqSFcVVzCqmrdOEW2DIolvBEARD/og== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1615829663; a=rsa-sha256; cv=none; b=P0dGA2vJMc9MpmeQB8mG8lLFPGGM4Ihq7DSbN5yubQUkHOpL3Pp9eklmFIsxNFy/DA/fvg 6fVG70aLZ0xuWMh95xP5MOihTPGcFplaOuO7v3lkIENyXMu88vxvF0Tm5relVZKRDoWw6y 1sqvKBBBIncDNyvXKj3OSvo/2/JXkc1r5vz3YtD2/7FBI1cyar76ZEuRL5BAgG1BdkxYe9 AyNzKJQz7BWbr5nhx/OBhZVNUjzvWdbAOXobxeFVYgQjxtEs6gnHPfmvDt1YKHjZJz5/EV QCal4g4Z7IujGFeho8tlIZ3OlvVSUMARTCr4DEhR2OxX8C2fJ2jJMnp/5njv6w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=tobias.gr header.s=2018 header.b="bmJ7/D4n"; dmarc=pass (policy=reject) header.from=tobias.gr; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Spam-Score: -4.70 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=tobias.gr header.s=2018 header.b="bmJ7/D4n"; dmarc=pass (policy=reject) header.from=tobias.gr; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: 3397C8F4D X-Spam-Score: -4.70 X-Migadu-Scanner: scn0.migadu.com X-TUID: akUtEbABWQec --=-=-= Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi Paul! Paul Garlick =E5=86=99=E9=81=93=EF=BC=9A > After renewing the expiration time of one's gpg key, and=20 > uploading the > updated key to Savannah, is it also necessary to update the > corresponding file in the keyring branch? No. > I notice from the log that, so far, none of the original files=20 > have > been updated. Does this mean that the original validation is=20 > accepted > for new commits signed with an updated key? Yes. The expiry date is not embedded in your cryptographic key, merely=20 attached to it as a signed =E2=80=98packet=E2=80=99. Of course, OpenPGP has a reputation to maintain as the most=20 confusing software on earth, so all these packets are stored=20 together with your cryptographic key(s) in a single file that=20 everyone calls your... =E2=80=98key=E2=80=99. Anyway: Guix ignores expiry dates by design. It merely verifies=20 that each commit was signed with an authorised key. Kind regards, T G-R --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iIMEARYKACsWIQT12iAyS4c9C3o4dnINsP+IT1VteQUCYE+YOg0cbWVAdG9iaWFz LmdyAAoJEA2w/4hPVW15JVYA/Ay7kdWXXjJ5VeF3lskJ5so/FpPhJ49PNgFnpJZO JIznAQDYKvzZMU98fGsW9VJhUtIVwL6FbRZFyTy7d7Je6WonCg== =Klr9 -----END PGP SIGNATURE----- --=-=-=--