Regarding the expiration of the signed data in npth-1.6.tar.bz2

Bruce Walzer bwalzer at 59.ca
Sat Feb 3 17:31:41 CET 2024


On Sat, Feb 03, 2024 at 11:35:20PM +0900, witchy via Gnupg-users wrote:
[...]
> I noticed that the npth signature data has expired.

Why is anyone signing software with expiring keys anyway? I have
ranted against the practice of PGP key expiry in general[1] but this
seems particularly harmful. GnuPG contributes to this problem by
generating expiring keys by default.

[1] https://articles.59.ca/doku.php?id=pgpfan:expire

Bruce



More information about the Gnupg-users mailing list