I'm no GPG expert, but IIUC the fact that the key is expired doesn't
affect the ability to verify a signature as one of the components of
verification is that the signature happened before expiry.
Just that the key expiry will need to be extended before it is used to
sign the next release, but that is not your problem.
On Thu, 8 Jul 2021 at 20:13, Wandering Swordsman via Users
I'm not that familiar with mailing lists so I hope I'm posting this correctly.
I was trying to compile Geany with the geany-1.37.1.tar.gz from
However when I downloaded the GPG Signature (geany-1.37.1.tar.gz.sig) and the GPG Key
(colombanw-pubkey.txt) and compared them I got a "This key has expired!"
gpg --verify geany-1.37.1.tar.gz.sig geany-1.37.1.tar.gz
gpg: Signature made Sun 08 Nov 2020 10:20:32 AM MST
gpg: Good signature from "Colomban Wendling <ban(a)ban.netlib.re>"
gpg: aka "Colomban Wendling <ban(a)herbesfolles.org>"
gpg: aka "Colomban Wendling <lists.ban(a)herbesfolles.org>"
gpg: Note: This key has expired!
Users mailing list