Van L <van@scratch.space> writes:

> Hi, gpg2 says:

Hi!

>   XXX% gpg2 --verify emacs-26.2-rc1.tar.xz.sig
>   gpg: assuming signed data in 'emacs-26.2-rc1.tar.xz'
>   gpg: Signature made Thu 21 Mar 08:30:08 2019 AEDT
>   gpg:                using RSA key D405AA2C862C54F17EEE6BE0E8BCD7866AFCF978
>   gpg: Can't check signature: No public key
>   
> The result for verifying the file is different to the bottom at [1]
>
> Following [2] next produces the note that the key has expired!
>
>   XXX% gpg2 --verify --keyring ./gnu-keyring.gpg emacs-26.2-rc1.tar.xz.sig 
>   gpg: assuming signed data in 'emacs-26.2-rc1.tar.xz'
>   gpg: Signature made Thu 21 Mar 08:30:08 2019 AEDT
>   gpg:                using RSA key D405AA2C862C54F17EEE6BE0E8BCD7866AFCF978
>   gpg: Good signature from "Nicolas Petton <nicolas@petton.fr>" [unknown]
>   gpg:                 aka "Nicolas Petton <petton.nicolas@gmail.com>" [unknown]
>   gpg:                 aka "Nicolas Petton <nicolas@foretagsplatsen.se>" [unknown]
>              ᘁ
>   gpg: Note: This key has expired!
>   Primary key fingerprint: 28D3 BED8 51FD F3AB 57FE  F93C 2335 87A4 7C20 7910
>        Subkey fingerprint: D405 AA2C 862C 54F1 7EEE  6BE0 E8BC D786
>   6AFC F978

The key is not expired, it currently expires the 2020-01-02.  However,
the GNU keyring has apparently not been updated.

Nico