Hi Jan, > On 5. Dec 2024, at 09:15, Jan Kolarik <jkola...@redhat.com> wrote: > > Although this wasn’t the main intent of the proposal, it was suggested by the > RPM team to also consider this aspect when checking for expired PGP keys. The > idea is to leverage the existing RPM method pgpPubKeyLint, which evaluates > whether a given key is usable for verification. While this check is performed > during key import, scenarios could arise where a key becomes broken or deemed > weak after it has already been imported. > > This behavior would depend on the policy configured on the system (see > rpm-sequoia for reference). Incorporating this check is more of a suggested > enhancement for the proposed plugin implementation and has not yet been fully > specified.
OK, thanks for the answer. I think this is a good feature, but I understand that you don’t want to make it part of the change proposal right now. -- Clemens Lang RHEL Crypto Team Red Hat -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
