On 29.07.21 10:19, Bagas Sanjaya wrote:
> On 29/07/21 02.36, Fabian Stelzer via GitGitGadget wrote:
>> openssh 8.7 will add valid-after, valid-before options to the allowed keys
>> keyring. This allows us to pass the commit timestamp to the verification
>> call and make key rollover possible and still be able to verify older
>> commits. Set valid-after=NOW when adding your key to the keyring and set
>> valid-before to make it fail if used after a certain date. Software like
>> gitolite/github or corporate automation can do this automatically when ssh
>> push keys are added / removed. I will add this feature in a follow up patch
>> afterwards.
>
> I read above as "set valid-before=<some date> and valid-after=<now> to
> limit key validity for several days from now". Is it right?

No. "NOW" is not meant literally but in the sense to add the current
date when adding the key. I'll edit the description. But this feature in
general will follow in a separate patchset with proper documentation anyway.
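
The rollover behaviour discussed in this thread, as an added example that is not part of the original mails or of the git patch: a small Python model of how valid-after / valid-before windows in an allowed-signers file decide whether a key is acceptable at a given commit timestamp. It does not call ssh-keygen; the entries and key strings are constructed placeholders, timestamps are treated as UTC, and principals are matched exactly (all assumptions of this sketch).

```python
from datetime import datetime, timezone

# Constructed allowed-signers entries; key material is a placeholder, not a real key.
# The old key was added on 2020-01-01 and retired on 2021-07-01, when the new key was added.
ALLOWED_SIGNERS = """\
# principal options keytype key
dev@example.com valid-after="20200101",valid-before="20210701" ssh-ed25519 AAAAOLDKEYPLACEHOLDER
dev@example.com valid-after="20210701" ssh-ed25519 AAAANEWKEYPLACEHOLDER
"""

def parse_ts(value):
    """Parse YYYYMMDD or YYYYMMDDHHMM[SS]; treated as UTC here (assumption)."""
    value = value.strip('"')
    fmt = {8: "%Y%m%d", 12: "%Y%m%d%H%M", 14: "%Y%m%d%H%M%S"}[len(value)]
    return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)

def parse_entries(text):
    """Yield (principal, key, valid_after, valid_before) for each entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options are present when the second field is not a key type.
        # Assumes option values contain no spaces.
        has_opts = not fields[1].startswith(("ssh-", "ecdsa-", "sk-"))
        opts = fields.pop(1) if has_opts else ""
        after = before = None
        for opt in filter(None, opts.split(",")):
            name, _, val = opt.partition("=")
            if name == "valid-after":
                after = parse_ts(val)
            elif name == "valid-before":
                before = parse_ts(val)
        yield fields[0], fields[2], after, before

def key_valid_at(text, principal, key, when):
    """True if `key` is listed for `principal` and `when` lies inside its window."""
    for who, k, after, before in parse_entries(text):
        if who == principal and k == key:
            # Both bounds are inclusive: valid at or after / at or before.
            if (after is None or when >= after) and (before is None or when <= before):
                return True
    return False
```

Passing the commit timestamp as `when` rather than the current time is what lets a commit signed in March 2021 with the old key still verify after the rollover, while the same key is rejected for a commit dated after its valid-before.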