PGP public key which signs tgz and zip files expired

Could this be part of the malware/phishing problem on the site?

No, this is a false-positive attack by competitors.
A PGP signature is for verifying that files which are signed are from the source who signed them.

It could have expired, but the signature key was valid at the time of signing.
For security reasons, we have a PGP key that’s valid only for 1y; I’ll update the key with the next update.

@filchef are you sure you have an up-to-date key? I’ve just checked and the expiry date is 2017:

https://pgp.mit.edu/pks/lookup?op=vindex&search=0x63B54713A46494A9

Thank you @gimre. I use Kleopatra for Windows and I didn’t know there was a new updated PGP key.
Kleopatra has a bug and can’t download the new key from the server, so I copied it to a text file and added it to Kleopatra.