Change Details

If you have an expired certificate in your keybox/keyring and import the extended pubkey the trustdb is not updated. This is an issue in real life: it was reported (for VSD 3.2.2) that the TrustedKey of an organization expired, then extended and the extended certificate was imported by the employees. But still that certificate and all certificated signed by that key were shown as "not certified". Currently one has to import and certify a new key as a workaround to update the trustdb or explicitly update it on the command line. Can we automatically update the trustdb on import of new signatures, too, and not only for a new key import as in {T6399}?

If you have an expired certificate in your keybox/keyring and import the extended pubkey the trustdb is not updated. This is an issue in real life: it was reported (for VSD 3.2.0) that the TrustedKey of an organization expired, then extended and the extended certificate was imported by the employees. But still that certificate and all certificated signed by that key were shown as "not certified". Currently one has to import and certify a new key as a workaround to update the trustdb or explicitly update it on the command line. Can we automatically update the trustdb on import of new signatures, too, and not only for a new key import as in {T6399}?

If you have an expired certificate in your keybox/keyring and import the extended pubkey the trustdb is not updated. This is an issue in real life: it was reported (for VSD 3.2.20) that the TrustedKey of an organization expired, then extended and the extended certificate was imported by the employees. But still that certificate and all certificated signed by that key were shown as "not certified". Currently one has to import and certify a new key as a workaround to update the trustdb or explicitly update it on the command line. Can we automatically update the trustdb on import of new signatures, too, and not only for a new key import as in {T6399}?