Update expiration of subkeys that expired together with the primary key
gpg --quick-set-expire (that is used by ChangeExpiryJob) ignores already expired subkeys if the subkeys are specified with "*". We have to list the subkeys to update explicitly to make gpg update them. We request an update of the expiration for all subkeys (excluding the primary key) which aren't revoked and which have an explicit expiration set and which are either not yet expired or which expired at the same time (+/- 10 seconds) as the primary key. This covers the standard use case of an OpenPGP key with an encryption subkey (with identical expiration) while at the same time not getting in the way of advanced use cases with rotated subkeys. GnuPG-bug-id: 6473
Please register or sign in to comment