Re: Check your signing key expiration dates!

* Andrei POPESCU [2019-07-07 20:31 +0300]: > On Du, 07 iul 19, 20:17:41, Teemu Likonen wrote: > > > > You need to update your copy of the keys. Those developers have very > > likely updated the expiration day and moved it again to some point in > > the future. Debian developers' keys can be upda

Re: Check your signing key expiration dates!

* On 2019 09 Jul 09:14 -0500, Teemu Likonen wrote: > It's not optimal but the manual says this in general form in > "keyserver-options": "Valid import-options or export-options may be used > here [...]". > > --keyserver-options {name=value} >This is a space or comma delimited strin

Re: Check your signing key expiration dates!

Nate Bargmann [2019-07-09T09:00:36-05] wrote: > * On 2019 09 Jul 02:32 -0500, Teemu Likonen wrote: >> Options for "import-options" are for "--import" command and >> "export-options" are for "--export" command. Both of them can used >> with "keyserver-options" which are options for "--receive-key",

Re: Check your signing key expiration dates!

* On 2019 09 Jul 02:32 -0500, Teemu Likonen wrote: > Nate Bargmann [2019-07-08T21:14:42-05] wrote: > > > I may just be pedant here, but I found the current manual page for gpg > > in Buster shows that 'import-clean' is a value for the > > 'import-options' key. I had it paired with the 'keyserver-o

Re: Check your signing key expiration dates!

Nate Bargmann [2019-07-08T21:14:42-05] wrote: > I may just be pedant here, but I found the current manual page for gpg > in Buster shows that 'import-clean' is a value for the > 'import-options' key. I had it paired with the 'keyserver-options' and > it seemed to work there too. Options for "impo

Re: Check your signing key expiration dates!

* On 2019 08 Jul 04:01 -0500, Brad Rogers wrote: > Just updated it here, and there were changes, 16 signatures cleaned, but > nothing other than that. However, I know the last key refresh I did was > a few months ago. With the DoS attack, I'm not likely to be refreshing > keys wholesale any more,

Re: Check your signing key expiration dates!

On Mon, 8 Jul 2019 12:07:38 +0300 Andrei POPESCU wrote: Hello Andrei, >Apparently we should only be using full fingerprints only: >https://gwolf.org/node/4070 Thanks for that. Good to know. -- Regards _ / ) "The blindingly obvious is / _)radnever immediat

Re: Check your signing key expiration dates!

On Lu, 08 iul 19, 10:00:20, Brad Rogers wrote: > On Mon, 8 Jul 2019 10:03:36 +0300 > Andrei POPESCU wrote: > > >B7A15F455B287F384174D5E9E5EC4AC9BD627B05 (Donald Norwood's key used to > >sign the release announcement). > > Probably only need the last eight chars of that fingerprint. Of course,

Re: Check your signing key expiration dates!

On Mon, 8 Jul 2019 10:03:36 +0300 Andrei POPESCU wrote: Hello Andrei, >B7A15F455B287F384174D5E9E5EC4AC9BD627B05 (Donald Norwood's key used to >sign the release announcement). Probably only need the last eight chars of that fingerprint. Of course, with cut 'n' paste, it matters little. >gpg

Re: Check your signing key expiration dates!

Andrei POPESCU [2019-07-08T10:28:59+03] wrote: > What would be the alternative to SKS keyservers? Not "the" alternative but keyserver-wise there is which I mentioned and which uses different software. There are also other key delivery methods like WKD or just publish y

Re: Check your signing key expiration dates!

On Du, 07 iul 19, 21:11:06, Teemu Likonen wrote: > Andrei POPESCU [2019-07-07T20:31:23+03] wrote: > > > My gpg.conf has: > > > > keyserver hkps://hkps.pool.sks-keyservers.net > > SKS keyservers can be risky because they allow anybody to submit any > number of key signatures to other people's

Re: Check your signing key expiration dates!

On Du, 07 iul 19, 18:55:46, Brad Rogers wrote: > On Sun, 7 Jul 2019 20:31:23 +0300 > Andrei POPESCU wrote: > > Hello Andrei, > > >Apparently a 'gpg --refresh-keys ' is not enough, not sure > >why... > > Should be; Updating your public key worked for me. Admittedly, with > a not changed resul

Re: Check your signing key expiration dates!

* On 2019 07 Jul 14:43 -0500, Teemu Likonen wrote: > Yes. It is not used very much yet but some organizations like debian.org > and kernel.org have it. I'm learning. Slowly. > SKS keyserver software does not have maintainers and currently it seems > that not much development will happen on the s

Re: Check your signing key expiration dates!

Nate Bargmann [2019-07-07T13:28:27-05] wrote: > apparently this [WKD] is something that is going to have to be > implemented for every email domain. Yes. It is not used very much yet but some organizations like debian.org and kernel.org have it. > While it is probably good in its own right, the

Re: Check your signing key expiration dates!

* On 2019 07 Jul 13:39 -0500, Brad Rogers wrote: > We've all done it. ;-) Thanks! - Nate -- "The optimist proclaims that we live in the best of all possible worlds. The pessimist fears this is true." Web: https://www.n0nb.us GPG key: D55A8819 GitHub: N0NB signature.asc Description: PGP

Re: Check your signing key expiration dates!

On Sun, 7 Jul 2019 13:16:56 -0500 Nate Bargmann wrote: Hello Nate, >That is a good question! I have been collecting public signatures for >many years via gpg. Yours, in particular, is one that shows as expired. I wouldn't be able to use it if it were expired: I found out the hard way - by fo

Re: Check your signing key expiration dates!

* On 2019 07 Jul 12:19 -0500, Teemu Likonen wrote: > Nate Bargmann [2019-07-07T12:03:35-05] wrote: > > > Within the past day I have received two mails via the debian-announce > > list (I recently subscribed), and have seen some on this list where I > > am seeing the output from gpgme in neomutt th

Re: Check your signing key expiration dates!

* On 2019 07 Jul 12:29 -0500, Brad Rogers wrote: > On Sun, 7 Jul 2019 12:03:35 -0500 > Nate Bargmann wrote: > > Hello Nate, > > >list (I recently subscribed), and have seen some on this list where I am > >seeing the output from gpgme in neomutt that the signing key expired > >some time ago. Not

Re: Check your signing key expiration dates!

Andrei POPESCU [2019-07-07T20:31:23+03] wrote: > My gpg.conf has: > > keyserver hkps://hkps.pool.sks-keyservers.net SKS keyservers can be risky because they allow anybody to submit any number of key signatures to other people's keys. Recently some keys have been poisoned with a great number k

Re: Check your signing key expiration dates!

On Sun, 7 Jul 2019 20:33:21 +0300 Andrei POPESCU wrote: Hello Andrei, >On Du, 07 iul 19, 18:28:00, Brad Rogers wrote: >> GPG does warn about expired keys. However, it's possible some MUAs >> may mask that warning. >Neo/Mutt show it, but it's easy to miss. Using different colour and/or >bold

Re: Check your signing key expiration dates!

On Sun, 7 Jul 2019 20:31:23 +0300 Andrei POPESCU wrote: Hello Andrei, >Apparently a 'gpg --refresh-keys ' is not enough, not sure >why... Should be; Updating your public key worked for me. Admittedly, with a not changed result, but that's not important. What term did you use as ? -- Rega

Re: Check your signing key expiration dates!

On Du, 07 iul 19, 18:28:00, Brad Rogers wrote: > > GPG does warn about expired keys. However, it's possible some MUAs may > mask that warning. Neo/Mutt show it, but it's easy to miss. Using different colour and/or bold would help... Kind regards, Andrei -- http://wiki.debian.org/FAQsFromDebia

Re: Check your signing key expiration dates!

On Du, 07 iul 19, 20:17:41, Teemu Likonen wrote: > > You need to update your copy of the keys. Those developers have very > likely updated the expiration day and moved it again to some point in > the future. Debian developers' keys can be updated with WKD protocol > usign their debian.org email ad

Re: Check your signing key expiration dates!

On Sun, 7 Jul 2019 12:03:35 -0500 Nate Bargmann wrote: Hello Nate, >list (I recently subscribed), and have seen some on this list where I am >seeing the output from gpgme in neomutt that the signing key expired >some time ago. Not expired within the past days but months or almost a Not seeing

Re: Check your signing key expiration dates!

Nate Bargmann [2019-07-07T12:03:35-05] wrote: > Within the past day I have received two mails via the debian-announce > list (I recently subscribed), and have seen some on this list where I > am seeing the output from gpgme in neomutt that the signing key > expired some time ago. Not expired withi

Check your signing key expiration dates!

Within the past day I have received two mails via the debian-announce list (I recently subscribed), and have seen some on this list where I am seeing the output from gpgme in neomutt that the signing key expired some time ago. Not expired within the past days but months or almost a couple of years