Merge ~cjwatson/lp-signing:30-year-expiry into lp-signing:master
Proposed by
Colin Watson
Status: | Merged |
---|---|
Approved by: | Colin Watson |
Approved revision: | 151f5ddf84cd676b7afa53e13fb5a5e9ec862d47 |
Merge reported by: | Otto Co-Pilot |
Merged at revision: | not available |
Proposed branch: | ~cjwatson/lp-signing:30-year-expiry |
Merge into: | lp-signing:master |
Diff against target: |
71 lines (+7/-7) 2 files modified
lp_signing/model/key.py (+2/-2) lp_signing/model/tests/test_key.py (+5/-5) |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Kristian Glass (community) | Approve | ||
Review via email: mp+388991@code.launchpad.net |
Commit message
Extend key expiration to 30 years
Description of the change
OpenSSL doesn't permit creating a certificate without an expiry date, but for these keys we want something that's functionally non-expiring. Launchpad historically used 10 years, while the official Ubuntu UEFI Secure Boot chain uses 30 years. As far as I know there's no real reason for the discrepancy here, so extend our expiry duration to match that used by Ubuntu.
To post a comment you must log in.