I downloaded portage-20100806.tar.lzma snapshot and find out that signing key is expired: # LANG=en gpg --list-keys 239C75C4 pub 1024D/239C75C4 2007-11-25 [expired: 2009-11-24] uid Gentoo Portage Snapshot Signing Key (Automated Signing Key) Please generate and sign new key.
Update your keyring first: gpg --refresh-keys 239C75C4. The key was updated and it will expire 2011-11-24 (see <http://www.gentoo.org/proj/en/releng/#doc_chap5>)
Well, it appears 2011-11-24 has come around. This is a bug now ? =) gpg --verify portage-20111123.tar.xz.gpgsig portage-20111123.tar.xz gpg: Signature made Thu Nov 24 00:55:01 2011 UTC using DSA key ID 239C75C4 gpg: Good signature from "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" gpg: Note: This key has expired! Primary key fingerprint: AE54 54F9 67B5 6AB0 9AE1 6064 0838 C26E 239C 75C4 gpg -k pub 1024D/239C75C4 2007-11-25 [expired: 2011-11-24] uid Gentoo Portage Snapshot Signing Key (Automated Signing Key) gpg --refresh-keys 239C75C4 gpg: refreshing 1 key from hkp://keys.gnupg.net gpg: requesting key 239C75C4 from hkp server keys.gnupg.net gpg: key 239C75C4: "Gentoo Portage Snapshot Signing Key (Automated Signing Key)" not changed gpg: Total number processed: 1 gpg: unchanged: 1
(In reply to comment #2) > Well, it appears 2011-11-24 has come around. This is a bug now ? =) I guess it is. But please file a new bug next time. Assigning the bug to infra. I think they set the signing up.
239C75C4 has been renewed for 6 months. 96D8BF6D is the new key (going into the docs now)
releng docs updated, new key in place and on keyservers. (i've also signed the new key as I created it if you've ever met me or trust me via the trustwebs).