https://bz.apache.org/bugzilla/show_bug.cgi?id=69725
--- Comment #1 from Stefan Bodewig <[email protected]> --- I don't think the expired signatures should cause any problems at all, they merely provide historical background so to say. The problem 2 about the "orphaned user ID" most likely is my ancient key at the top of the KEYS file that I used to sign Ant 1.1 almost 25 years ago. This key is not self-signed as pgp 2.6 didn't create self-signatures back in 1999 :-) You should be able to remove the key and git rid of the warning, but the warning in general should not prevent a successful import of the remaining keys. We can not simply remove it from the KEYS file in case anybody wants to verify the signature on 1.1. gpg --import KEYS works for me including a bunch of warnings about weak algorithms (that were no considered weak then the keys were signed) as well as other poroblems, But it does import Jaikiran's key that is used to sign 1.10.15 (0A123C1ED3F13A6A0140E166C71FB765CD9DE313) -- You are receiving this mail because: You are the assignee for the bug.
