You are not logged in.
Pages: 1
During my latest system upgrade, pacman asked me to import a PGP key created by Gaetan Bisson with the following date: "1998-03-24".
Isn't it a bit old? Is there something strange about which I should worry? (sincerely: I lazily accepted to import it, and began to worry only afterwards ).
Mortuus in anima, curam gero cutis
Offline
Importing it doesn't really do anything dangerous. It would only be trusted if it's signed by the necessary master keys.
In this case, the key is correct.
Offline
I was thinking the same thing, here's the full info:
pub ed25519 1998-03-24 [SCA]
1A60DC44245D06FEF90623D6EEEEE2EEEE2EEEEE
uid [ full ] Gaetan Bisson <gaetan@fenua.org>
uid [ full ] Gaetan Bisson <bisson@gaati.org>
uid [ full ] Gaetan Bisson <bisson@archlinux.org>
sub cv25519 2017-08-27 [E]
Can anybody confirm it's still a valid key?
Offline
lol, I already confirmed it, the full trust confirms it, and you can check the page linked on the front page to confirm it. What more do you want?
Offline
During my latest system upgrade, pacman asked me to import a PGP key created by Gaetan Bisson with the following date: "1998-03-24".
Isn't it a bit old? Is there something strange about which I should worry? (sincerely: I lazily accepted to import it, and began to worry only afterwards ).
Just because a key is old doesn't mean it is a bad key.
And just because a key has an old date, doesn't mean it wasn't created on a system that had had the date temporarily changed.
Considering the key ID, it is quite obvious that Gaetan was having fun when he created it, so why does the date surprise you?
Managing AUR repos The Right Way -- aurpublish (now a standalone tool)
Offline
Pages: 1