Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: Dane Smith <c1pher@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] validity of manifest signing key
Date: Fri, 25 Mar 2011 11:38:52
Message-Id: 4D8C7E0F.5030702@gentoo.org
In Reply to: [gentoo-dev] validity of manifest signing key by Thomas Kahle
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4 On 03/25/2011 05:47 AM, Thomas Kahle wrote:
5 > Hi,
6 >
7 > it says here http://www.gentoo.org/doc/en/gnupg-user.xml#doc_chap2 that
8 > the validity should be <6 month. What is the protocol when the expiry
9 > date is approaching?
10 >
11 > -) Extend expiry date and upload again?
12 > -) Create new key (and sign with ?? ) ?
13 >
14 > Cheers,
15 > Thomas
16 >
17
18 Traditionally you start using your new key the day your old key expires.
19
20 Having said that, <6 months seems a little paranoid, even by my
21 standards. (And I'm a professional paranoid) I'd say for a developer, ~
22 1 year is more than adequate.
23
24 - --
25 Dane Smith (c1pher)
26 Gentoo Linux Developer -- QA / Crypto / Sunrise / x86
27 RSA Key: http://pgp.mit.edu:11371/pks/lookup?search=0x0C2E1531&op=index
28 -----BEGIN PGP SIGNATURE-----
29 Version: GnuPG v2.0.17 (GNU/Linux)
30 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
31
32 iQIcBAEBAgAGBQJNjH4PAAoJEEsurZwMLhUxeKIQAIhZr9Q4cVQtD5Ru9tgral8z
33 bmdhFUrOEKo61H9/3KTgy8KowSNDm0UK+IoPEN/n8q/qMsu/0Ni0NHIJGZE6Lrbw
34 zxp4RpAQ8KQhWKXLppTVqedXLBChX5v6wGQJXlpd8xFg/drKTPo9U/r+W2F9Zs8n
35 bLmSzYnJqwd1NYBqBx4F4Vgdq2RO2iqugPMc8igNGvARjJirwcoJ32tqVq64rGke
36 NYrnjBaYV0EiexpS4crQRX3Ggf29CVgGlWnKKLLD5Nql3wmgT5P9DZASE0K2Pj5f
37 rmjjzNwq12YJN4UkJanbE+5c1Vd5FPk+k2RLMuLrQr8j8jUn/DzrY8NU3F5ioHV2
38 kvS/4W5uJ3h9xQYG5RzNek9ydYn3Be2T5+nXxZQJmaGZO56qeh1CRQSMRh6LI7Ys
39 /2KkIVsskJHt0IV+NSnc0KmleZbmWfXP1GkexZNDrswHTJ4HuTKuPYHxsIX8gvqO
40 zqPY+UxlQrj5esRUD1VBKbsi+J88zaT931sgHmeyLM55kBoA8zlZ6ZCI9PkzbfFg
41 fL74+qVn7hsVgFvI8C8PSCBpoCpxC6wNnJIG5Uz+NiZouEUB3i8W0HqqB1YI+67L
42 Pbbtc9/EREv1HQwDgM870ReYM1Fa/+qnl7TwcbhilkgzkSjXUjqinzuuwyGYw6ad
43 C3J0KAcCRr1XfjJQaY5k
44 =a5EG
45 -----END PGP SIGNATURE-----

Replies

Subject Author
Re: [gentoo-dev] validity of manifest signing key Marc Schiffbauer <mschiff@g.o>
Report Message
Find on MARC Find on Google Groups