expired sig?

Joel Rees joel_rees at sannet.ne.jp
Sat Feb 7 15:33:34 CET 2009

On 平成 21/02/07, at 21:15, Andreas Metzler wrote:

> Joel Rees <joel_rees at sannet.ne.jp> wrote:
>> I just installed gnupg 1.4.9 and, just for grins (since I hadn't yet
>> installed gpg and had already checked the SHA1 signature), I did gpg
>> --verify on the signature file gnupg-1.4.9.tar.gz.sig .
>> It says the signature for "Werner Koch (dist sig) <dd9jn at gnu.org>" is
>> good, then it says:
>> gpg: Note: This key has expired!
>> (Signature made Thu Mar 27 02:39:36 2008 JST using RSA key ID  
>> 1CE0C630)
>> Maybe they expected an update to occur before now?
> You need to refresh the key.
> http://news.gmane.org/find-root.php?message_id=%3c87zli0ada0.fsf%5f% 
> 5f11524.4188149974%241231504564%24gmane%24org% 
> 40wheatstone.g10code.de%3e
> gpg --keyserver x-hkp://subkeys.pgp.net --recv-keys 1CE0C630

I guess I missed that one on announce at gnupg.org .

So the gnu servers or wherever I picked up the key has the old key,  

I checked to make sure the key matched several places on-line,  
including last spring's announce@ of the version, but I don't  
remember where all I checked.

Okay, thanks.

More information about the Gnupg-devel mailing list