Skip to content
Verified Commit 0bb08ff5 authored by Ingo Klöcker's avatar Ingo Klöcker Committed by Ingo Klöcker
Browse files

Update expiration of subkeys that expired together with the primary key 

gpg --quick-set-expire (that is used by ChangeExpiryJob) ignores
already expired subkeys if the subkeys are specified with "*". We have
to list the subkeys to update explicitly to make gpg update them.

We request an update of the expiration for all subkeys (excluding the
primary key) which aren't revoked and which have an explicit expiration
set and which are either not yet expired or which expired at the same time
(+/- 10 seconds) as the primary key.

This covers the standard use case of an OpenPGP key with an encryption
subkey (with identical expiration) while at the same time not getting in
the way of advanced use cases with rotated subkeys.

GnuPG-bug-id: 6473
parent 11efbf80
Pipeline #392625 passed with stage
in 5 minutes and 25 seconds
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment