Stale comment about GPG key expiry?

[jasonmp85]

We recently had a question about this line when poking around for how to import these keys within a Docker build…

postgres/12/Dockerfile

Line 62 in a8613f4

# pub 4096R/ACCC4CF8 2011-10-13 [expires: 2019-07-02]

After writing the public key out to a file and looking at its packets using pgpdump, I found that the July 2019 expiry comes from a 2014 signature, but there is a subsequent signature from 2017 with no expiration, which is (I think) how this even works at all.

So… that comment is just stale, right? Or am I misunderstanding something?

[yosifkit]

Yeah, it seems the comment is just out of date. The comment was created in #246 (Jan 2017).

root@c107795ca253:/# export GNUPGHOME="$(mktemp -d)";
root@c107795ca253:/# key='B97B0AFCAA1A47F044F244A07FCC7D46ACCC4CF8';
root@c107795ca253:/# gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "$key";
gpg: keybox '/tmp/tmp.gtOCk93bjU/pubring.kbx' created
gpg: /tmp/tmp.gtOCk93bjU/trustdb.gpg: trustdb created
gpg: key 7FCC7D46ACCC4CF8: public key "PostgreSQL Debian Repository" imported
gpg: Total number processed: 1
gpg:               imported: 1
root@c107795ca253:/# gpg --fingerprint
/tmp/tmp.gtOCk93bjU/pubring.kbx
-------------------------------
pub   rsa4096 2011-10-13 [SC]
      B97B 0AFC AA1A 47F0 44F2  44A0 7FCC 7D46 ACCC 4CF8
uid           [ unknown] PostgreSQL Debian Repository

[jasonmp85]

OK… I suppose you all should probably remove that comment, but since I got my question answered I don't really need this issue anymore. Closing it.