
warn when primary key expiration updated without encryption-capable subkey
Closed, Resolved · Public

Description

In a discussion on gnupg-users [0], I observed that it's not uncommon for
someone to update the expiration date on their primary key but fail to update
the expiration date on their encryption-capable subkey.

This leaves the user with a valid OpenPGP certificate, but one that is not
possible to encrypt to. Werner suggested [1] that there should be a warning in
this case.

[0] http://lists.gnupg.org/pipermail/gnupg-users/2014-September/050902.html
[1] http://lists.gnupg.org/pipermail/gnupg-users/2014-September/050918.html

Event Timeline

Done with commit ae3d1bb. It works by checking whether the latest encryption
subkey expires in less than 10 days. Should be backported to 2.0.

werner claimed this task.
werner removed a project: In Progress.

Backported to 2.0: commit 2424028.
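
The same condition can be audited across a keyring from outside GnuPG. The following is an added example, not code from commit ae3d1bb or from the GnuPG project: it parses `gpg --list-keys --with-colons` output and flags certificates whose primary key is still valid but whose latest encryption-capable key is expired or expires within 10 days. The function name, the sample listing, and the choice to skip certificates with no encryption subkey at all are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

WARN_WINDOW = timedelta(days=10)  # threshold quoted in the task comment

# Constructed sample in the `gpg --with-colons` layout: field 2 validity,
# field 5 key ID, field 7 expiry (epoch seconds), field 12 capabilities.
SAMPLE = """\
pub:u:4096:1:AAAAAAAAAAAAAAAA:1388534400:1767225600::u:::scSC:
uid:u::::1388534400::0000::Alice Example <alice@example.org>:
sub:e:4096:1:BBBBBBBBBBBBBBBB:1388534400:1420070400:::::e:
pub:u:4096:1:CCCCCCCCCCCCCCCC:1388534400:1767225600::u:::scESC:
sub:u:4096:1:DDDDDDDDDDDDDDDD:1388534400:1767225600:::::e:
"""

def _expiry(field):
    """Epoch-seconds field to aware datetime; empty means no expiration."""
    return datetime.fromtimestamp(int(field), timezone.utc) if field else None

def certs_without_usable_encryption(colon_text, now):
    """Return key IDs of valid primaries whose latest encryption-capable
    key is expired or expires within WARN_WINDOW of `now`."""
    certs, current = [], None
    for line in colon_text.splitlines():
        f = line.split(":")
        if len(f) < 12 or f[0] not in ("pub", "sub"):
            continue
        if f[0] == "pub":
            current = {"id": f[4], "validity": f[1], "enc": []}
            certs.append(current)
        if current and "e" in f[11] and f[1] != "r":
            # Lowercase "e" is this key's own capability; the uppercase "E"
            # on a pub line summarises the whole certificate and is ignored.
            current["enc"].append(_expiry(f[6]))
    flagged = []
    for c in certs:
        if c["validity"] in ("e", "r"):
            continue  # primary itself expired or revoked: a different problem
        if not c["enc"] or None in c["enc"]:
            continue  # no encryption key to lapse, or one that never expires
        if max(c["enc"]) - now < WARN_WINDOW:
            flagged.append(c["id"])
    return flagged

if __name__ == "__main__":
    for key_id in certs_without_usable_encryption(SAMPLE, datetime.now(timezone.utc)):
        print(f"WARNING: {key_id} has no encryption subkey valid beyond 10 days")
```

The check relies on the expiry timestamps rather than the validity letter on `sub` lines, so it can be evaluated against any reference time.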