feature request: allow list GPG keys to be configured with expiration dates as a fail secure measure
Something I've noticed is the list GPG keys created by schleuder have no expiration date. While this is technically OK so long as the owner has a copy of the private key, consider the following scenario:
- List public key is uploaded to the public key servers
- List private key is lost and no backup or revocation certificate exists (bad practice on both counts, but sadly still happens in reality at times)
The public key will now live on forever on the public key servers instead of eventually expiring after a period of time.
This is by no means crucial IMO and would also require schleuder to periodically check the expiration dates of the list private keys and send reminders to the admins about updating them (as well as providing a function for updating them ... and/or perhaps an auto-update feature to allow for continued operation unless an admin intervenes to allow the key to expire or to force a revocation).