expired sig?

[Joel Rees]

I just installed gnupg 1.4.9 and, just for grins (since I hadn't yet  
installed gpg and had already checked the SHA1 signature), I did gpg  
--verify on the signature file gnupg-1.4.9.tar.gz.sig .

It says the signature for "Werner Koch (dist sig) <dd9jn at gnu.org>" is  
good, then it says:

gpg: Note: This key has expired!

(Signature made Thu Mar 27 02:39:36 2008 JST using RSA key ID 1CE0C630)

Maybe they expected an update to occur before now?