On 29/07/21 02.36, Fabian Stelzer via GitGitGadget wrote:
openssh 8.7 will add valid-after, valid-before options to the allowed keys keyring. This allows us to pass the commit timestamp to the verification call and make key rollover possible and still be able to verify older commits. Set valid-after=NOW when adding your key to the keyring and set valid-before to make it fail if used after a certain date. Software like gitolite/github or corporate automation can do this automatically when ssh push keys are addded / removed I will add this feature in a follow up patch afterwards.
I read above as "set valid-before=<some date> and valid-after=<now> to limit key validity for several days from now". Is it right?
-- An old man doll... just what I always wanted! - Clara
