$ gpg --verify mixmaster-2.9.1.tar.gz.sig
mixmaster-2.9.1.tar.gz gpg: Signature made Sun Nov
9 12:08:58 2003 CET using DSA key ID 9260849A
gpg: Good signature from "Mixmaster Code Release
Signing Key 2003"
gpg: Note: This key has expired!
Logged In: YES
NAB. This is by design -- The Mixmaster code signing keys are
created with a one-year validity. After that year, they expire and
are not used for signing. There is nothing wrong with using them
to verify older source packages, however.
See http://mixmaster.sf.net for this year's signing key.