[cmake-developers] Tag signature with expired key
Alan W. Irwin
irwin at beluga.phys.uvic.ca
Mon Dec 12 20:26:08 EST 2016
Hi Brad:
I attempted to verify a recent tag on the release branch with the
following results:
software at raven> git tag --verify v3.7.1
object db3499df5d06ab2cacc61e9f7720a33456aeafe4
type commit
tag v3.7.1
tagger Brad King <brad.king at kitware.com> 1480522722 -0500
CMake 3.7.1
gpg: Signature made Wed 30 Nov 2016 08:18:42 AM PST using RSA key ID 34921684
gpg: checking the trustdb
gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
gpg: Good signature from "Brad King"
gpg: aka "Brad King <brad.king at kitware.com>"
gpg: aka "[jpeg image of size 4005]"
gpg: Note: This key has expired!
Primary key fingerprint: CBA2 3971 357C 2E65 90D9 EFD3 EC8F EF3A 7BFB 4EDA
Subkey fingerprint: C6C2 6532 4BBE BDC3 50B5 13D0 2D2C EF10 3492 1684
error: could not verify the tag 'v3.7.1'
software at raven> echo $?
1
I assume that error in an otherwise good tag signature is due to the
fact your key has expired, but I thought it was impossible to sign
with an expired key? Anyhow, I thought I should bring this signing by
an expired key to your attention in case there is something going on
here that you are not aware of.
Alan
__________________________
Alan W. Irwin
Astronomical research affiliation with Department of Physics and Astronomy,
University of Victoria (astrowww.phys.uvic.ca).
Programming affiliations with the FreeEOS equation-of-state
implementation for stellar interiors (freeeos.sf.net); the Time
Ephemerides project (timeephem.sf.net); PLplot scientific plotting
software package (plplot.sf.net); the libLASi project
(unifont.org/lasi); the Loads of Linux Links project (loll.sf.net);
and the Linux Brochure Project (lbproject.sf.net).
__________________________
Linux-powered Science
__________________________
More information about the cmake-developers
mailing list