[cmake-developers] Tag signature with expired key
Rolf Eike Beer
eike at sf-mail.de
Tue Dec 13 01:34:21 EST 2016
Am Montag, 12. Dezember 2016, 17:26:08 schrieb Alan W. Irwin:
> Hi Brad:
>
> I attempted to verify a recent tag on the release branch with the
> following results:
>
> software at raven> git tag --verify v3.7.1
> object db3499df5d06ab2cacc61e9f7720a33456aeafe4
> type commit
> tag v3.7.1
> tagger Brad King <brad.king at kitware.com> 1480522722 -0500
>
> CMake 3.7.1
> gpg: Signature made Wed 30 Nov 2016 08:18:42 AM PST using RSA key ID
> 34921684 gpg: checking the trustdb
> gpg: 3 marginal(s) needed, 1 complete(s) needed, classic trust model
> gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
> gpg: Good signature from "Brad King"
> gpg: aka "Brad King <brad.king at kitware.com>"
> gpg: aka "[jpeg image of size 4005]"
> gpg: Note: This key has expired!
> Primary key fingerprint: CBA2 3971 357C 2E65 90D9 EFD3 EC8F EF3A 7BFB 4EDA
> Subkey fingerprint: C6C2 6532 4BBE BDC3 50B5 13D0 2D2C EF10 3492 1684
> error: could not verify the tag 'v3.7.1'
> software at raven> echo $?
> 1
>
> I assume that error in an otherwise good tag signature is due to the
> fact your key has expired, but I thought it was impossible to sign
> with an expired key? Anyhow, I thought I should bring this signing by
> an expired key to your attention in case there is something going on
> here that you are not aware of.
Speculation: the key was renewed locally, but those things have not been
uploaded to the keyservers.
Eikek
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: This is a digitally signed message part.
URL: <http://public.kitware.com/pipermail/cmake-developers/attachments/20161213/e81fda6c/attachment.sig>
More information about the cmake-developers
mailing list