feat: updating expiry #2
Besides key signing/certification and UID changes, expiration updates are the most common kind of OpenPGP "maintenance".
Design-wise, the goal here is so that you don't have to change the spec for expiry updates at all. There's a threshold defined in the spec, and if the validity falls under that threshold, it's gonna be extended by one validity_period. This way, if the validity_period is 2 years for example, the threshold is 3 months, and you use openpgp-key-janitor 22 months after initial key creation, it's going to be extended to creation + 2 * validity_period, so 48 months, and running it after 47 months will make it end up creation + 3 * validity_period, so 72 months.

This choice has been made so that maintaining a large amount of keys, for example for a company, becomes easier, as you can then run openpgp-key-janitor for every key without thinking about it too much, before then publishing all pubkeys that have changed during that.
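
Added example, not part of this pull request or of openpgp-key-janitor's code: a sketch of the threshold rule described above, run over a constructed set of keys to show which ones would need republishing. The function names, the month-based units, the sample fleet, and the handling of a long-lapsed key (stepped forward until it clears the threshold) are assumptions.

```python
import calendar
from datetime import date

def add_months(d: date, months: int) -> date:
    """Shift d by whole calendar months, clamping the day (Feb 29 + 24 -> Feb 28)."""
    year, month0 = divmod(d.year * 12 + d.month - 1 + months, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return date(year, month0 + 1, min(d.day, last_day))

def next_expiry(creation: date, expiry: date, today: date,
                validity_period: int, threshold: int) -> date:
    """Expiry a key should carry after a run on `today` (periods in months).

    Unchanged while remaining validity is at least `threshold`; otherwise the
    next creation + n * validity_period. Assumption: a key that lapsed long ago
    is stepped forward repeatedly until it clears the threshold again.
    """
    n, candidate = 1, expiry
    while today > add_months(candidate, -threshold):
        # Anchor every step to the creation date so day clamping cannot drift.
        while add_months(creation, n * validity_period) <= candidate:
            n += 1
        candidate = add_months(creation, n * validity_period)
    return candidate

def changed_keys(keys: dict, today: date, validity_period: int, threshold: int) -> dict:
    """Map key label -> new expiry, only for keys whose expiry must change."""
    out = {}
    for label, (creation, expiry) in keys.items():
        new = next_expiry(creation, expiry, today, validity_period, threshold)
        if new != expiry:
            out[label] = new
    return out

# Constructed sample fleet: label -> (creation, current expiry).
FLEET = {
    "alice": (date(2020, 1, 15), date(2022, 1, 15)),   # 2 months left
    "bob": (date(2021, 6, 1), date(2023, 6, 1)),       # plenty of validity left
    "carol": (date(2018, 3, 10), date(2020, 3, 10)),   # lapsed long ago
}

if __name__ == "__main__":
    for label, new in changed_keys(FLEET, date(2021, 11, 15), 24, 3).items():
        print(label, "->", new.isoformat())
```

Because a run on a key that is still above the threshold returns its expiry unchanged, repeating the run is idempotent and only the keys in the returned map need to be published again.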