59359 – (Task) Extend validity period for signing KEY - before next release

Bug 59359 - (Task) Extend validity period for signing KEY - before next release

Summary: (Task) Extend validity period for signing KEY - before next release

Status:	NEW

Alias:	None

Product:	Taglibs
Classification:	Unclassified
Component:	Standard Taglib (show other bugs)
Version:	nightly
Hardware:	PC All

Importance:	P2 enhancement (vote)
Target Milestone:	---
Assignee:	Tomcat Developers Mailing List

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-04-20 12:19 UTC by Konstantin Kolinko
Modified:	2016-04-20 12:19 UTC (History)
CC List:	0 users

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Konstantin Kolinko 2016-04-20 12:19:07 UTC

Thread on users@tomcat, "pgp-keys jsp taglibs", 2016-04
http://tomcat.markmail.org/thread/keajyd3iq2tfrjr7

Just a reminder.

$ gpg --list-keys A7A0233C

pub   2048R/A7A0233C 2012-02-25 [expired: 2016-02-25]
uid                  Jeremy Boynes <jboynes@apache.org>


The declared validity period for the key (the one in the KETS file on download server) has passed.

It is OK for past releases, but for a new release something has to be done here.

It is possible to extends the validity period for an existing key. Links:

http://unix.stackexchange.com/questions/177291/how-to-renew-an-expired-keypair-with-gpg

http://superuser.com/questions/813421/can-you-extend-the-expiration-date-of-an-already-expired-gpg-key

https://help.riseup.net/en/security/message-security/openpgp/best-practices#use-an-expiration-date-less-than-two-years