Best practice for periodic key change?

Jeffrey Walton noloader at
Fri May 6 08:20:54 CEST 2011

On Thu, May 5, 2011 at 4:10 PM, Doug Barton <dougb at> wrote:
> On 05/04/2011 23:52, Andreas Heinlein wrote:
>> We have an OpenPGP key which we use for signing our software releases.
>> That key should be changed yearly and carry an expiration date to
>> enforce this change.
> What are you trying to accomplish by doing it this way? I've yet to see a
> good rationale for setting expiration dates on keys, but perhaps you can be
> the first. :)
I would guess that Andreas is practicing Key Management
( I've also
seen similar arise in compliance and auditing.

