#49 PGP code signing key is expired

closed-invalid
Len Sassaman
General (9)
1
2014-08-18
2004-01-25
Anonymous
No

$ gpg --verify mixmaster-2.9.1.tar.gz.sig
mixmaster-2.9.1.tar.gz gpg: Signature made Sun Nov
9 12:08:58 2003 CET using DSA key ID 9260849A
gpg: Good signature from "Mixmaster Code Release
Signing Key 2003"
gpg: Note: This key has expired!

Discussion

  • Len Sassaman
    Len Sassaman
    2004-01-26

    Logged In: YES
    user_id=29569

    NAB. This is by design -- The Mixmaster code signing keys are
    created with a one-year validity. After that year, they expire and
    are not used for signing. There is nothing wrong with using them
    to verify older source packages, however.

    See http://mixmaster.sf.net for this year's signing key.

     
  • Len Sassaman
    Len Sassaman
    2004-01-26

    • priority: 5 --> 1
    • assigned_to: nobody --> rabbi
    • status: open --> closed-invalid