Nate Bargmann [2019-07-07T12:03:35-05] wrote: > Within the past day I have received two mails via the debian-announce > list (I recently subscribed), and have seen some on this list where I > am seeing the output from gpgme in neomutt that the signing key > expired some time ago. Not expired within the past days but months or > almost a couple of years ago. As I have my signing key set not to > expire, I'm not sure if gnupg is issuing a warning about an expired > key to those senders.
You need to update your copy of the keys. Those developers have very likely updated the expiration day and moved it again to some point in the future. Debian developers' keys can be updated with WKD protocol usign their debian.org email address: gpg --auto-key-locate clear,nodefault,wkd --locate-key d...@debian.org It's good idea to have expiration date in PGP keys. If the owner loses his key (or the owner dies!) and can't revoke the key or can't send the revocation certificate everywhere then at least the expiry date takes care of invalidating the key. Expiration date is also hint for other people that they may need to update the key. -- /// OpenPGP key: 4E1055DC84E9DFF613D78557719D69D324539450 // https://keys.openpgp.org/search?q=tliko...@iki.fi / https://keybase.io/tlikonen https://github.com/tlikonen
signature.asc
Description: PGP signature