<html>
  <head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
<div><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">Hello,</span></span><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">I'm building gpg and its dependencies from source, using dependencies downloaded from the gnupg.org downloads page </span></span><a target="_blank" rel="noopener noreferrer" href="https://gnupg.org/download/index.html"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">https://gnupg.org/download/index.html</span></span></a><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">. I've imported the key specified on the website and have verified the gpg source and all of the dependencies except for npth1.6. When I try to verify npth, the output is</span></span><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">gpg: Signature made Mon 16 Jul 2018 12:37:23 AM PDT</span></span><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">gpg:                using RSA key D8692123C4065DEA5E0F3AB5249B39D24F25E3B6</span></span><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">gpg: Can't check signature: No public key</span></span><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif"></span></span><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">Looking around on the internet I can find some indication that this is an old key belonging to Werner Koch that expired in 2019, but I would like to be able to properly verify npth before building it. Can anyone advise on how best to proceed? </span></span><br></div><div dir="auto"><br></div><div dir="auto"><span style="" class=""><span class="font" style="font-family:monospace, sans-serif">Many thanks.</span></span><br></div>  </body>
</html>