Re: signature from "Thorsten Tpper <xxx@xxxxxxx>" is unknown trust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi,

Am 29.01.2013 04:37, schrieb Gaetan Bisson:
> Dave's answer certainly misses the real question of why Thorsten would
> want an expiration date on his GPG key,

Because its good and common practice. There are several reasons for
this, one of which is a compromise. When you got compromised and lose
your revocation certificate, too, the key will expire at some point in time.

I'm not sure about GPG, but in case of X.509 it also helps to keep the
certificate revocations lists (CRL) short, as certificates, which are
expired anyway, don't have to be listed here explicitly.

When doing everything right, this kind of issues shouldn't happen, as
you would update the involved keys (and packages) early enough.

Obviously we are all just humans and tend to forget about these things,
especially when they work just flawlessly for a reasonable amount of
time ;).

Best regards,
Karol Babioch

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux