I disagree with adding this as a requirement. Services should explicitly fail to work with expired GPG keys, key renewal times should be at the key owner's descretion. This should still be a recommendation that guarantees the key owner to continue work without interruption.
Thanks, Manuel On 04.07.2018 12:24, Michał Górny wrote: > Add a rule requesting renewal of keys at least two weeks before their > expiration date, in order to give services time to refresh. > --- > glep-0063.rst | 9 ++++++++- > 1 file changed, 8 insertions(+), 1 deletion(-) > > diff --git a/glep-0063.rst b/glep-0063.rst > index 7455674..6874b81 100644 > --- a/glep-0063.rst > +++ b/glep-0063.rst > @@ -32,6 +32,10 @@ v2 > specification. Changing the expiration date of existing keys is possible > in-place so there is no need to provide for transitional 'minimum' value. > > + An additional rule requesting key renewal 2 weeks before expiration > + has been added. This is in order to give services and other developers time > + to refresh the key. > + > v1.1 > The recommended RSA key size has been changed from 4096 bits > to 2048 bits to match the GnuPG recommendations [#GNUPG-FAQ-11-4]_. > @@ -82,7 +86,10 @@ not be used to commit. > > b. Gentoo subkey: 1 year maximum > > -4. Upload your key to the SKS keyserver rotation before usage! > +4. Key expiration date renewed at least 2 weeks before the previous > + expiration date. > + > +5. Upload your key to the SKS keyserver rotation before usage! > > Recommendations > --------------- >
signature.asc
Description: OpenPGP digital signature