I'm no GPG expert, but IIUC the fact that the key is expired doesn't
affect the ability to verify a signature as one of the components of
verification is that the signature happened before expiry.
Just that the key expiry will need to be extended before it is used to
sign the next release, but that is not your problem.
Cheers
Lex
On Thu, 8 Jul 2021 at 20:13, Wandering Swordsman via Users
<users(a)lists.geany.org> wrote:
Greetings.
I'm not that familiar with mailing lists so I hope I'm posting this correctly.
I was trying to compile Geany with the geany-1.37.1.tar.gz from
https://geany.org/download/releases/
However when I downloaded the GPG Signature (geany-1.37.1.tar.gz.sig) and the GPG Key
(colombanw-pubkey.txt) and compared them I got a "This key has expired!"
warning.
gpg --verify geany-1.37.1.tar.gz.sig geany-1.37.1.tar.gz
gpg: Signature made Sun 08 Nov 2020 10:20:32 AM MST
gpg: Good signature from "Colomban Wendling <ban(a)ban.netlib.re>"
[expired]
gpg: aka "Colomban Wendling <ban(a)herbesfolles.org>"
[expired]
gpg: aka "Colomban Wendling <lists.ban(a)herbesfolles.org>"
[expired]
gpg: Note: This key has expired!
_______________________________________________
Users mailing list
Users(a)lists.geany.org
https://lists.geany.org/cgi-bin/mailman/listinfo/users