Change Details

If you have an expired certificate in your keybox/keyring and import the extended pubkey the trustdb is not updated. This is an issue in real life: it was reported (for VSD 3.2.2) that the TrustedKey of an organization expired, then extended and the extended certificate was imported by the employees. But still that certificate and all certificated signed by that key were shown as "not certified". Currently one has to import and certify a new key as a workaround to update the trustdb or explicitly update it on the command line. Can we automatically update the trustdb on import of new signatures, too, and not only for a new key import? Please keep in mind that we also have an issue with not updated trustdb if we delete a key and newly import it. Then it is shown with the validity it had before (which might not be the same) until the next trustdb check occurs.

If you have an expired certificate in your keybox/keyring and import the extended pubkey the trustdb is not updated. This is an issue in real life: it was reported (for VSD 3.2.2) that the TrustedKey of an organization expired, then extended and the extended certificate was imported by the employees. But still that certificate and all certificated signed by that key were shown as "not certified". Currently one has to import and certify a new key as a workaround to update the trustdb or explicitly update it on the command line. Can we automatically update the trustdb on import of new signatures, too, and not only for a new key import as in {T6399}?

If you have an expired certificate in your keybox/keyring and import the extended pubkey the trustdb is not updated. This is an issue in real life: it was reported (for VSD 3.2.2) that the TrustedKey of an organization expired, then extended and the extended certificate was imported by the employees. But still that certificate and all certificated signed by that key were shown as "not certified". Currently one has to import and certify a new key as a workaround to update the trustdb or explicitly update it on the command line. Can we automatically update the trustdb on import of new signatures, too, and not only for a new key import? Please keep in mind that we also have an issue with not updated trustdb if we delete a key and newly import it. Then it is shown with the validity it had before (which might not be the same) until the next trustdb check occurs. as in {T6399}?