On Mon, 19 Feb 2001, Zed Pobre wrote: > Just wait, I expect, but I wouldn't worry about looking for > sponsors, since uploads from expired keys aren't rejected. The key I > use for uploading expired some months ago, and although my new key > still hasn't been put in the keyring, I'm not having any problems > uploading. >... <-- snip --> $ gpg --verify mtools_3.9.7+20001213-2_i386.changes gpg: Signature made Sun Jan 14 19:35:31 2001 CET using DSA key ID 6A40C91E gpg: Good signature from "Adrian Bunk <[EMAIL PROTECTED]>" gpg: aka "Adrian Bunk <[EMAIL PROTECTED]>" $ gpg --list-keys 6A40C91E pub 1024D/6A40C91E 2000-08-20 Adrian Bunk <[EMAIL PROTECTED]> uid Adrian Bunk <[EMAIL PROTECTED]> sub 2048g/66774AB6 2000-08-20 [expires: 2001-02-16] $ date Tue Feb 20 15:24:03 CET 2001 $ <-- snip --> Can anyone explain why gpg ignores that a key is expired? I consider this a big security hole! cu Adrian -- Nicht weil die Dinge schwierig sind wagen wir sie nicht, sondern weil wir sie nicht wagen sind sie schwierig. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
