It seems that Gentoo Portage Snapshot Signing Key (Automated Signing Key) is expired. gpg --refresh-keys does not help. Reproducible: Always Actual Results: Checking signature ... gpg: WARNING: unsafe permissions on homedir '/var/lib/gentoo/gkeys/keyrings/gentoo/release' gpg: Signature made Do 10 Jan 2019 01:51:29 CET gpg: using RSA key E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" [expired] gpg: Note: This key has expired! Primary key fingerprint: DCD0 5B71 EAB9 4199 527F 44AC DB6B 8C1F 96D8 BF6D Subkey fingerprint: E1D6 ABB6 3BFC FB4B A02F DF1C EC59 0EEA C918 9250 emerge-webrsync: error: signature verification failed
$ gpg --list-keys E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250 pub rsa4096/0xDB6B8C1F96D8BF6D 2011-11-25 [C] [expires: 2020-01-01] DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D uid [ unknown] Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org> uid [ full ] Gentoo Portage Snapshot Signing Key (Automated Signing Key) sub rsa4096/0xEC590EEAC9189250 2011-11-25 [S] [expires: 2020-01-01] *** This bug has been marked as a duplicate of bug 674224 ***