-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/25/2011 05:47 AM, Thomas Kahle wrote: > Hi, > > it says here http://www.gentoo.org/doc/en/gnupg-user.xml#doc_chap2 that > the validity should be <6 month. What is the protocol when the expiry > date is approaching? > > -) Extend expiry date and upload again? > -) Create new key (and sign with ?? ) ? > > Cheers, > Thomas >
Traditionally you start using your new key the day your old key expires. Having said that, <6 months seems a little paranoid, even by my standards. (And I'm a professional paranoid) I'd say for a developer, ~ 1 year is more than adequate. - -- Dane Smith (c1pher) Gentoo Linux Developer -- QA / Crypto / Sunrise / x86 RSA Key: http://pgp.mit.edu:11371/pks/lookup?search=0x0C2E1531&op=index -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJNjH4PAAoJEEsurZwMLhUxeKIQAIhZr9Q4cVQtD5Ru9tgral8z bmdhFUrOEKo61H9/3KTgy8KowSNDm0UK+IoPEN/n8q/qMsu/0Ni0NHIJGZE6Lrbw zxp4RpAQ8KQhWKXLppTVqedXLBChX5v6wGQJXlpd8xFg/drKTPo9U/r+W2F9Zs8n bLmSzYnJqwd1NYBqBx4F4Vgdq2RO2iqugPMc8igNGvARjJirwcoJ32tqVq64rGke NYrnjBaYV0EiexpS4crQRX3Ggf29CVgGlWnKKLLD5Nql3wmgT5P9DZASE0K2Pj5f rmjjzNwq12YJN4UkJanbE+5c1Vd5FPk+k2RLMuLrQr8j8jUn/DzrY8NU3F5ioHV2 kvS/4W5uJ3h9xQYG5RzNek9ydYn3Be2T5+nXxZQJmaGZO56qeh1CRQSMRh6LI7Ys /2KkIVsskJHt0IV+NSnc0KmleZbmWfXP1GkexZNDrswHTJ4HuTKuPYHxsIX8gvqO zqPY+UxlQrj5esRUD1VBKbsi+J88zaT931sgHmeyLM55kBoA8zlZ6ZCI9PkzbfFg fL74+qVn7hsVgFvI8C8PSCBpoCpxC6wNnJIG5Uz+NiZouEUB3i8W0HqqB1YI+67L Pbbtc9/EREv1HQwDgM870ReYM1Fa/+qnl7TwcbhilkgzkSjXUjqinzuuwyGYw6ad C3J0KAcCRr1XfjJQaY5k =a5EG -----END PGP SIGNATURE-----