encrypting to expired certificates

Doug Barton dougb at dougbarton.us
Tue Sep 16 19:31:00 CEST 2014

On 9/16/14 10:18 AM, Peter Lebbing wrote:
> On 16/09/14 16:41, Werner Koch wrote:
>> To put this discussion to an end, he may simply do a jump to the left
>> and put the option --faked-system-time ISODATESTRING on his command
>> line.
> Regardless of whether you personally support or oppose the possibility
> to override the expiry date, as it's your decision, I do want to point
> out that this creates an issue with encrypt-and-sign. Although a little
> footnote saying "hey dude, since your key expired in April, I had to
> sign in April" could be added. I do wonder how many people would
> understand that footnote, though.

.... which further highlights that adding options to make life easier 
for people who don't understand what key expiry means, or how to manage 
it properly, is probably not a good idea. :)


More information about the Gnupg-users mailing list