Thoughts
I have been informed by Gitlab that my ssh key has expired.
This is literally so silly I can't wrap my head around it. Like. I have three public SSH keys, https://github.com/matthiasPortzel.keys.
The whole point of SSH keys is that you use the same client SSH key for all servers. Am I supposed to have a special key just for GitLab so that I can rotate just that key on their timeline? Am I supposed to replace that key and change it on all servers?
Password rotation is dumb, but at least it helps prevent password reuse, which is a real problem.
But my SSH key hasn't expired. My SSH key is a file that sits on my computer and it has never left my computer and it has never changed. And it's never left my computer and it's never been hacked.
It's like forcing me to reinstall my operating system or something in order to connect to your website; it's none of your business. I gave you my public key.
Like, git does key signing. If I have commits signed with that key, are they no longer mine because the key has "expired"? Am I supposed add a new key every year and never get rid of the old ones?
It's irrelevant because I don't use Gitlab but yeah. I'm not about to start.