$ gpg --verify stage3-amd64-hardened+nomultilib-20140904.tar.bz2.DIGESTS.asc gpg: Signature made Fri Sep 5 03:41:16 2014 CST using RSA key ID 2D182910 gpg: Good signature from "Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>" gpg: Note: This key has expired! Primary key fingerprint: 13EB BDBE DE7A 1277 5DFD B1BA BB57 2E0E 2D18 2910 $ date Thu Sep 18 11:43:38 CST 2014 Reproducible: Always Steps to Reproduce: Attempt to verify digests via: gpg --verify stage3-amd64-hardened+nomultilib-20140904.tar.bz2.DIGESTS.asc # or similar Actual Results: Receive expired key warning 'gpg: Note: This key has expired!'. Expected Results: Up to date key.
No up to date replacement available on public keyservers. $ gpg --search releng@gentoo.org gpg: searching for "releng@gentoo.org" from hkp server keys.gnupg.net (1) Gentoo Linux Release Engineering (Automated Weekly Release Key) <relen 4096 bit RSA key 2D182910, created: 2009-08-25 (2) Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key) <r 1024 bit DSA key 17072058, created: 2004-07-20 (3) Gentoo Linux Release Enginneering <releng@gentoo.org> John Davis (Gentoo Linux Developer) <zhen@gentoo.org> 1024 bit DSA key 19462D47, created: 2003-06-09 (revoked) Keys 1-3 of 3 for "releng@gentoo.org". Enter number(s), N)ext, or Q)uit > q
*** This bug has been marked as a duplicate of bug 484946 ***
Looks OK to me. gpg --keyserver pool.sks-keyservers.net --search 0x2D182910 gpg: searching for "0x2D182910" from hkp server pool.sks-keyservers.net (1) Gentoo Linux Release Engineering (Automated Weekly Release Key) <relen 4096 bit RSA key 2D182910, created: 2009-08-25, expires: 2015-08-24