I'm no GPG expert, but IIUC the fact that the key is expired doesn't affect the ability to verify a signature as one of the components of verification is that the signature happened before expiry.
Just that the key expiry will need to be extended before it is used to sign the next release, but that is not your problem. Cheers Lex On Thu, 8 Jul 2021 at 20:13, Wandering Swordsman via Users <[email protected]> wrote: > > Greetings. > > I'm not that familiar with mailing lists so I hope I'm posting this correctly. > > > I was trying to compile Geany with the geany-1.37.1.tar.gz from > https://geany.org/download/releases/ > > However when I downloaded the GPG Signature (geany-1.37.1.tar.gz.sig) and the > GPG Key (colombanw-pubkey.txt) and compared them I got a "This key has > expired!" warning. > > gpg --verify geany-1.37.1.tar.gz.sig geany-1.37.1.tar.gz > gpg: Signature made Sun 08 Nov 2020 10:20:32 AM MST > gpg: Good signature from "Colomban Wendling <[email protected]>" [expired] > gpg: aka "Colomban Wendling <[email protected]>" [expired] > gpg: aka "Colomban Wendling <[email protected]>" > [expired] > gpg: Note: This key has expired! > > > > _______________________________________________ > Users mailing list > [email protected] > https://lists.geany.org/cgi-bin/mailman/listinfo/users _______________________________________________ Users mailing list [email protected] https://lists.geany.org/cgi-bin/mailman/listinfo/users
