From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: AS53758 23.128.96.0/24 X-Spam-Status: No, score=-3.9 required=3.0 tests=AWL,BAYES_00, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, SPF_HELO_PASS,SPF_PASS shortcircuit=no autolearn=ham autolearn_force=no version=3.4.2 Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by dcvr.yhbt.net (Postfix) with ESMTP id 9A6011F8C6 for ; Tue, 7 Sep 2021 18:12:55 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1345762AbhIGSOB (ORCPT ); Tue, 7 Sep 2021 14:14:01 -0400 Received: from cloud.peff.net ([104.130.231.41]:40832 "EHLO cloud.peff.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S245148AbhIGSOA (ORCPT ); Tue, 7 Sep 2021 14:14:00 -0400 Received: (qmail 19907 invoked by uid 109); 7 Sep 2021 18:12:54 -0000 Received: from Unknown (HELO peff.net) (10.0.1.2) by cloud.peff.net (qpsmtpd/0.94) with ESMTP; Tue, 07 Sep 2021 18:12:54 +0000 Authentication-Results: cloud.peff.net; auth=none Received: (qmail 16311 invoked by uid 111); 7 Sep 2021 18:12:54 -0000 Received: from coredump.intra.peff.net (HELO sigill.intra.peff.net) (10.0.0.2) by peff.net (qpsmtpd/0.94) with (TLS_AES_256_GCM_SHA384 encrypted) ESMTPS; Tue, 07 Sep 2021 14:12:54 -0400 Authentication-Results: peff.net; auth=none Date: Tue, 7 Sep 2021 14:12:53 -0400 From: Jeff King To: Junio C Hamano Cc: git@vger.kernel.org Subject: expired key in junio-gpg-pub Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org It looks like your signing key is expired, and tag verification fails: $ mkdir /tmp/foo $ export GNUPGHOME=/tmp/foo $ git cat-file blob junio-gpg-pub | gpg --import gpg: WARNING: unsafe permissions on homedir '/tmp/foo' gpg: keybox '/tmp/foo/pubring.kbx' created gpg: key 20D04E5A713660A7: 27 signatures not checked due to missing keys gpg: /tmp/foo/trustdb.gpg: trustdb created gpg: key 20D04E5A713660A7: public key "Junio C Hamano " imported gpg: Total number processed: 1 gpg: imported: 1 gpg: no ultimately trusted keys found $ git tag -v v2.33.0 object 225bc32a989d7a22fa6addafd4ce7dcd04675dbf type commit tag v2.33.0 tagger Junio C Hamano 1629141357 -0700 Git 2.33 gpg: WARNING: unsafe permissions on homedir '/tmp/foo' gpg: Signature made Mon Aug 16 15:15:57 2021 EDT gpg: using RSA key E1F036B1FEE7221FC778ECEFB0B5E88696AFE6CB gpg: Good signature from "Junio C Hamano " [unknown] gpg: aka "Junio C Hamano " [unknown] gpg: aka "Junio C Hamano " [unknown] gpg: Note: This key has expired! Primary key fingerprint: 96E0 7AF2 5771 9559 80DA D100 20D0 4E5A 7136 60A7 Subkey fingerprint: E1F0 36B1 FEE7 221F C778 ECEF B0B5 E886 96AF E6CB $ echo $? 1 Have you extended the expiration on it? I wasn't able to find any updates on the keyservers I checked. But regardless, we should probably ship an updated one via the tag. -Peff