Hi Jan, > On 5. Dec 2024, at 09:15, Jan Kolarik <jkolarik@xxxxxxxxxx> wrote: > > Although this wasn’t the main intent of the proposal, it was suggested by the RPM team to also consider this aspect when checking for expired PGP keys. The idea is to leverage the existing RPM method pgpPubKeyLint, which evaluates whether a given key is usable for verification. While this check is performed during key import, scenarios could arise where a key becomes broken or deemed weak after it has already been imported. > > This behavior would depend on the policy configured on the system (see rpm-sequoia for reference). Incorporating this check is more of a suggested enhancement for the proposed plugin implementation and has not yet been fully specified. OK, thanks for the answer. I think this is a good feature, but I understand that you don’t want to make it part of the change proposal right now. -- Clemens Lang RHEL Crypto Team Red Hat -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue