"gpg --refresh-keys"

The often neglected chore. I think I should put that in my crontab one day.

@guido I think it's better to avoid refreshing all keys at one time.

It may be a little bit old but you will have some ideas:

https://riseup.net/en/security/message-security/openpgp/best-practices

#GPG #OpenPGP #Crypto

@DaD thanks! I'll have a look at #parcimonie.

@DaD @guido RiseUp GPG guide is good in general but has a lot of small issues - for example most of the recommended settings (e.g. `no-honor-keyserver-url`, revocation certs, encryption subkeys) are already enabled by default. Expiration could be explained better (e.g. like in https://blogs.gentoo.org/mgorny/2018/08/13/openpgp-key-expiration-is-not-a-security-measure/).

As for refresh-keys I think the most important thing would be using HTTPS (hkps), parcimonie is okay for paranoid people but overkill for regular users IMHO.

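The two suggestions made in the thread (refresh keys individually instead of all at once, and reach the keyserver over hkps) combined in an added shell example; it is not code from any of the posts and it is not parcimonie, which additionally routes requests over Tor. The keyserver URL, the delay bound, the function names and the `GPG`/`SLEEP` override variables are assumptions.

```shell
#!/bin/sh
# Added example: refresh keys one at a time, in random order, with random
# pauses, over hkps. All defaults below are assumptions, not page values.
KEYSERVER="${KEYSERVER:-hkps://keys.openpgp.org}"  # assumed; any hkps:// server
MAX_DELAY="${MAX_DELAY:-900}"                      # assumed upper bound (seconds, > 0)
GPG="${GPG:-gpg}"                                  # overridable for dry runs
SLEEP="${SLEEP:-sleep}"

# Read `gpg --list-keys --with-colons` output on stdin and print the
# fingerprint of each primary key: the fpr record right after a pub record.
# fpr records that follow sub records belong to subkeys and are skipped.
primary_fingerprints() {
    awk -F: '$1 == "pub" { want = 1; next }
             $1 == "fpr" && want { print $10; want = 0 }'
}

# Print a random integer in [0, $1) taken from the kernel RNG.
random_delay() {
    n=$(od -An -N2 -tu2 /dev/urandom | tr -d ' \n')
    echo $(( n % $1 ))
}

# Shuffle the lines on stdin so the refresh order differs on every run.
shuffle() {
    awk 'BEGIN { srand() } { printf "%f\t%s\n", rand(), $0 }' | sort -n | cut -f2
}

# One keyserver request per key, separated by a random pause.
refresh_staggered() {
    "$GPG" --list-keys --with-colons | primary_fingerprints | shuffle |
    while read -r fpr; do
        "$SLEEP" "$(random_delay "$MAX_DELAY")"
        "$GPG" --keyserver "$KEYSERVER" --refresh-keys "$fpr" </dev/null ||
            echo "refresh failed for $fpr" >&2
    done
}

if [ "${1:-}" = "--run" ]; then
    refresh_staggered
fi
```

Invoked with `--run` from cron, one pass can take up to `MAX_DELAY` seconds per key, so schedule it less often than the keyring size times that bound.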