vcs:commit-signing

vcs:commit-signing [2021/04/01 14:56] – log.showSignature pollita
vcs:commit-signing [2021/04/01 16:48] (current) – improve documentation around key expiration bishop
Line 341: Line 341:
 ==== Do I need a passphrase? ==== ==== Do I need a passphrase? ====
  
-Yes. If you're private key falls into the wrong hands, they'll be unable to use the key without the passphrase.+Yes. If your private key falls into the wrong hands, they'll be unable to use the key without the passphrase.
  
 ==== Should my key expire? ==== ==== Should my key expire? ====
  
-This guide created an immortal key (see step 2). If you are sufficiently paranoid and do not mind periodic bookkeepingthen by all means create a key that is short livedAn expired key acts like deleted key: you won't be able to sign with it any more, so follow the "What if I lose my key?" flow described above. +This guide created an immortal key (see step 2), because //for this use case// [[https://security.stackexchange.com/a/79386/72365|key expiration does not add any security]] while it increases development friction.
- +
-As part of regular security hygiene, consider rotating your keys at least yearly anyway.+
  
 +As part of regular security hygiene, however, consider creating a new key and replacing the old one at GitHub annually.
  
  
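Review bot: the added annual-replacement line (the last + line of this hunk) sits awkwardly against the sentence added just above it. The new text says key expiration does not add any security for this use case, then recommends creating a new key every year as "regular security hygiene" without saying what the replacement protects against. Give the reason in one clause, or drop the recommendation. The rewrite also removes the pointer to the "What if I lose my key?" flow, so the reader gets no procedure for the replacement and no word on what happens to the old key. Say whether the old public key stays registered at GitHub or is removed, and link the steps to follow.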
vcs/commit-signing.1617288969.txt.gz · Last modified: 2021/04/01 14:56 by pollita