- Truncate descriptions
Activity
It appears that new subkeys have been generated in the past when expiration was coming - i'm curious if someone remembers/knows why that method is used, instead of just extending the expiration date on the existing key? There are pros/cons for each, but I've found that often people just don't even know you can extend the expiration.
The subkey is kept on our signing machine, while the main key is kept offline, so it's useful to create a new subkey to rotate the key we use.
Maybe for next time we can switch to a new subkey while the old one is still valid for a few months, so that last release can be verified without using an expired subkey.
boklm (@boklm):
boklm commented on a discussion: #40957 (comment 2945947)
The subkey is kept on our signing machine, while the main key is kept offline, so it's useful to create a new subkey to rotate the key we use.
Maybe for next time we can switch to a new subkey while the old one is still valid for a few months, so that last release can be verified without using an expired subkey.
That's what we actually used to do a couple of years back to avoid the exact problem which we encountered (again) in this issue... :)
The subkey is kept on our signing machine, while the main key is kept offline, so it's useful to create a new subkey to rotate the key we use.
Makes sense, thanks for the explanation!
Maybe for next time we can switch to a new subkey while the old one is still valid for a few months, so that last release can be verified without using an expired subkey.
Seems like a good idea :)
...
On 2023-09-21 07:25:02, boklm (@boklm) wrote:
- Edited by ma1
And maybe once this instance is fixed we can open a new related issue "Update signing keys", setting its due date 2 weeks before the subkey expiration and keeping it open, up-to-date & rolling indefinitely
😄
- Edited by Pier Angelo Vendrame
We might need related issues on TPA and or web (a user said on IRC the key has not been updated on TPO).
They added this link: https://github.com/micahflee/torbrowser-launcher/issues/700#issuecomment-1727392723
Expiration date on the subkey has been extended by 5 months.
The ticket to update it in wkd is tpo/tpa/team#41333 (closed).