[Savannah-register-public] [task #15140] Automatically updating GPG keys
From: Tim Ruehsen
Subject: [Savannah-register-public] [task #15140] Automatically updating GPG keys when expired
Date: Fri, 4 Jan 2019 06:32:39 -0500 (EST)
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:64.0) Gecko/20100101 Firefox/64.0

Follow-up Comment #2, task #15140 (project administration):
The report was "wget-1.20.1.tar.gz signed with expired key" and had the
following message:
I was rather surprised to see that the key used to sign a release on December
26 expired on July 12. Is it legit?
$ curl https://ftp.gnu.org/gnu/gnu-keyring.gpg | gpg --import
...
$ gpg --verify wget-1.20.1.tar.gz.sig
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
gpg: Signature made December 26, 2018 at 08:12:51 PM UTC using RSA key ID
A2670428
gpg: Good signature from "Tim Rühsen <address@hidden>"
gpg: Note: This key has expired!
Primary key fingerprint: 1CB2 7DBC 9861 4B2D 5841 646D 0830 2DB6 A267 0428
$ gpg --list-key A2670428
gpg: WARNING: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
pub 4096R/A2670428 2014-06-26 [expired: 2018-06-12]
uid Tim Rühsen <address@hidden>
So my key wasn't expired since 2016 but since 2018-06-12.
A possible quick solution would be to have a crontab daily/weekly checking for
soon-to-expire keys and to inform those people via an automated email
(including steps on how to update expiration date and how to upload to key
servers and how to update to Savannah).
Then a second crontab could check all GPG keys on a public key server. And
download those keys whose expiration date has been changed (e.g. it could be
that someone changed the expiration date from 'never' to a concrete future
date).
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/task/?15140>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
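
The first cron job proposed in the message, sketched as an added example that is not part of the original message or of Savannah's code: it reads `gpg --list-keys --with-colons` output and returns the keys that are expired or expire within a warning window. The function names, the 30-day window and the second sample key are assumptions; the first sample key is constructed from the fingerprint and dates quoted above.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample of `gpg --list-keys --with-colons` output (not a real dump).
# Key 1 uses the fingerprint and dates quoted in the message; key 2 is invented.
SAMPLE = """\
pub:e:4096:1:08302DB6A2670428:1403740800:1528761600::-:::sc::::::23::0:
fpr:::::::::1CB27DBC98614B2D5841646D08302DB6A2670428:
uid:e::::1403740800::0000000000000000000000000000000000000000::Tim Rühsen <address@hidden>::::::::::0:
pub:-:4096:1:00000000DEADBEEF:1500000000:::-:::scESC::::::23::0:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF00000000DEADBEEF:
uid:-::::1500000000::0000000000000000000000000000000000000000::Never Expires <never@example.org>::::::::::0:
"""

def parse_expiry(field):
    """Field 7 of a pub record: empty means 'never'; else epoch seconds or a date."""
    if not field:
        return None
    if field.isdigit():
        return datetime.fromtimestamp(int(field), tz=timezone.utc)
    fmt = "%Y%m%dT%H%M%S" if "T" in field else "%Y-%m-%d"
    return datetime.strptime(field, fmt).replace(tzinfo=timezone.utc)

def parse_keys(colon_output):
    """Collect primary keys; the first fpr/uid record after a pub belongs to it."""
    keys = []
    for line in colon_output.splitlines():
        rec = line.split(":")
        if rec[0] == "pub":
            keys.append({"keyid": rec[4], "expires": parse_expiry(rec[6]),
                         "fpr": None, "uid": None})
        elif keys and rec[0] in ("fpr", "uid") and keys[-1][rec[0]] is None:
            keys[-1][rec[0]] = rec[9]
    return keys

def keys_needing_notice(colon_output, now, warn_days=30):
    """Return (status, fingerprint, uid, expiry date) for keys to mail about."""
    horizon = now + timedelta(days=warn_days)
    notices = []
    for key in parse_keys(colon_output):
        exp = key["expires"]
        if exp is None or exp > horizon:
            continue  # never expires, or still valid beyond the warning window
        status = "expired" if exp <= now else "expiring"
        notices.append((status, key["fpr"], key["uid"], exp.date().isoformat()))
    return notices

if __name__ == "__main__":
    for notice in keys_needing_notice(SAMPLE, datetime.now(timezone.utc)):
        print(*notice)
```

In a cron job the sample string would be replaced by the captured output of `gpg --list-keys --with-colons` run against the keyring being monitored.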