From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3C05F138334 for ; Wed, 4 Jul 2018 10:28:37 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7C713E0BBE; Wed, 4 Jul 2018 10:24:25 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 18D74E0BB8 for ; Wed, 4 Jul 2018 10:24:25 +0000 (UTC) Received: from localhost.localdomain (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id B471A335CC1; Wed, 4 Jul 2018 10:24:22 +0000 (UTC) From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Cc: robbat2@gentoo.org, =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= Subject: [gentoo-dev] [PATCH v2 10/11] glep-0063: Require renewal 2 weeks before expiration Date: Wed, 4 Jul 2018 12:24:00 +0200 Message-Id: <20180704102401.29512-11-mgorny@gentoo.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180704102401.29512-1-mgorny@gentoo.org> References: <20180704102401.29512-1-mgorny@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Archives-Salt: 6c40a622-9f63-4267-92ae-d3ed0edb5efa X-Archives-Hash: 1ee5974789e4926e68df3316035a85c9 Add a rule requesting renewal of keys at least two weeks before their expiration date, in order to give services time to refresh. --- glep-0063.rst | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/glep-0063.rst b/glep-0063.rst index 7455674..6874b81 100644 --- a/glep-0063.rst +++ b/glep-0063.rst @@ -32,6 +32,10 @@ v2 specification. Changing the expiration date of existing keys is possible in-place so there is no need to provide for transitional 'minimum' value. + An additional rule requesting key renewal 2 weeks before expiration + has been added. This is in order to give services and other developers time + to refresh the key. + v1.1 The recommended RSA key size has been changed from 4096 bits to 2048 bits to match the GnuPG recommendations [#GNUPG-FAQ-11-4]_. @@ -82,7 +86,10 @@ not be used to commit. b. Gentoo subkey: 1 year maximum -4. Upload your key to the SKS keyserver rotation before usage! +4. Key expiration date renewed at least 2 weeks before the previous + expiration date. + +5. Upload your key to the SKS keyserver rotation before usage! Recommendations --------------- -- 2.18.0