Ramsay Jones venit, vidit, dixit 28.09.2016 23:09: > > > On 28/09/16 20:59, Junio C Hamano wrote: >> Michael J Gruber <g...@drmicha.warpmail.net> writes: > >>> + "X" for a good expired signature, or good signature made by an expired >>> key, >> >> As an attempt to clarify that we cover both EXPSIG and EXPKEYSIG >> cases, I think this is good enough. I may have phrased the former >> slightly differently, though: "a good signature that has expired". >> >> I have no strong opinion if we want to stress that we cover both >> cases, though, which is I think what Ramsay's comment was about. > > Kinda! ;-) > > I'm not sure that it is a good idea to mash both EXPSIG and EXPKEYSIG > into one status letter, but I was also fishing for some information > about EXPSIG. I was only vaguely aware that a signature could expire > _independently_ of the key used to do the signing. Also, according to > https://www.gnupg.org/documentation/manuals/gnupg/Automated-signature-checking.html > for the EXPSIG case 'Note, that this case is currently not implemented.'
A key can have an expiration date. A signature can have an expiration date. The "goodness" of a signature is independent of the expiraton dates. Signature expiration is implemented, I tested that (gpg 1 aka "classic"). > Hmm, I guess these are so closely related that a single status letter > is OK, but I think I would prefer your phrasing; namely: > > "X" for a good signature that has expired, or a good signature made with an > expired key, > I'm open to whatever phrasing you deem clearer. Also, I'm open to using another letter for EXPKEYSIG but couldn't decide between 'Y', 'Z', 'K'. 'K' could be confused with REVKEYSIG, I'm afraid. 'Y' is next to 'X' and contained in 'KEY', it would be my first choice. Cheers, Michael