Greetings.
I'm not that familiar with mailing lists so I hope I'm posting this correctly.
I was trying to compile Geany with the geany-1.37.1.tar.gz from https://geany.org/download/releases/
However when I downloaded the GPG Signature (geany-1.37.1.tar.gz.sig) and the GPG Key (colombanw-pubkey.txt) and compared them I got a "This key has expired!" warning.
gpg --verify geany-1.37.1.tar.gz.sig geany-1.37.1.tar.gz gpg: Signature made Sun 08 Nov 2020 10:20:32 AM MST gpg: Good signature from "Colomban Wendling ban@ban.netlib.re" [expired] gpg: aka "Colomban Wendling ban@herbesfolles.org" [expired] gpg: aka "Colomban Wendling lists.ban@herbesfolles.org" [expired] gpg: Note: This key has expired!
I'm no GPG expert, but IIUC the fact that the key is expired doesn't affect the ability to verify a signature as one of the components of verification is that the signature happened before expiry.
Just that the key expiry will need to be extended before it is used to sign the next release, but that is not your problem.
Cheers Lex
On Thu, 8 Jul 2021 at 20:13, Wandering Swordsman via Users users@lists.geany.org wrote:
Greetings.
I'm not that familiar with mailing lists so I hope I'm posting this correctly.
I was trying to compile Geany with the geany-1.37.1.tar.gz from https://geany.org/download/releases/
However when I downloaded the GPG Signature (geany-1.37.1.tar.gz.sig) and the GPG Key (colombanw-pubkey.txt) and compared them I got a "This key has expired!" warning.
gpg --verify geany-1.37.1.tar.gz.sig geany-1.37.1.tar.gz gpg: Signature made Sun 08 Nov 2020 10:20:32 AM MST gpg: Good signature from "Colomban Wendling ban@ban.netlib.re" [expired] gpg: aka "Colomban Wendling ban@herbesfolles.org" [expired] gpg: aka "Colomban Wendling lists.ban@herbesfolles.org" [expired] gpg: Note: This key has expired!
Users mailing list Users@lists.geany.org https://lists.geany.org/cgi-bin/mailman/listinfo/users