From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 904D2138334 for ; Sat, 7 Jul 2018 06:01:29 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 23514E0D75; Sat, 7 Jul 2018 05:56:52 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B1E1EE0D72 for ; Sat, 7 Jul 2018 05:56:51 +0000 (UTC) Received: from localhost.localdomain (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id F0282335C05; Sat, 7 Jul 2018 05:56:49 +0000 (UTC) From: =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Cc: robbat2@gentoo.org, =?UTF-8?q?Micha=C5=82=20G=C3=B3rny?= Subject: [gentoo-dev] [PATCH v4 11/14] glep-0063: Require renewal 2 weeks before expiration Date: Sat, 7 Jul 2018 07:56:20 +0200 Message-Id: <20180707055623.28603-12-mgorny@gentoo.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180707055623.28603-1-mgorny@gentoo.org> References: <20180707055623.28603-1-mgorny@gentoo.org> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Archives-Salt: 9c751f55-4ed8-4d9c-963c-ea1e84201473 X-Archives-Hash: 5554dab602ae046ddc77376f89135953 Add a rule requesting renewal of keys at least two weeks before their expiration date, in order to give services time to refresh. --- glep-0063.rst | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/glep-0063.rst b/glep-0063.rst index 7bfbaa6..9ae9c74 100644 --- a/glep-0063.rst +++ b/glep-0063.rst @@ -33,6 +33,10 @@ v2 by a single requirement. The rules have been simplified to use the same maximum time of 900 days for both the primary key and subkeys. + An additional rule requesting key renewal 2 weeks before expiration + has been added. This is in order to give services and other developers time + to refresh the key. + v1.1 The recommended RSA key size has been changed from 4096 bits to 2048 bits to match the GnuPG recommendations [#GNUPG-FAQ-11-4]_. @@ -83,7 +87,10 @@ not be used to commit. 4. Expiration date on key and all subkeys set to no more than 900 days into the future -5. Upload your key to the SKS keyserver rotation before usage! +5. Key expiration date renewed at least 2 weeks before the previous + expiration date + +6. Upload your key to the SKS keyserver rotation before usage! Recommendations --------------- -- 2.18.0