Solved PGP Signed Checksum for FreeBSD Version 13.0, GPG Output: "Note: This key has expired!"

[BS:D]

Hi All,

I download the PGP signed checksum for FreeBSD Version 13.0 from -

https://www.freebsd.org/releases/13.0R/checksums/CHECKSUM.SHA256-FreeBSD-13.0-RELEASE-amd64.asc

I ran the command:
gpg --keyid-format long --verify CHECKSUM.SHA256-FreeBSD-13.0-RELEASE-amd64.asc

The output of the command was:
gpg: Signature made Tue 13 Apr 2021 16:45:44 BST
gpg: using RSA key 8D12403C2E6CAB086CF64DA3031458A5478FE293
gpg: Good signature from "Glen Barber <gjb@FreeBSD.org>" [expired]
gpg: aka "Glen Barber <glen.j.barber@gmail.com>" [expired]
gpg: aka "Glen Barber <gjb@keybase.io>" [expired]
gpg: aka "Glen Barber <gjb@glenbarber.us>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 78B3 42BA 26C7 B2AC 681E A7BE 524F 0C37 A0B9 46A3
Subkey fingerprint: 8D12 403C 2E6C AB08 6CF6 4DA3 0314 58A5 478F E293

I don't really know alot about PGP, is the key still valid even if its expired? Is it still a valid checksum?

Any help/info would be much appreciated.

Thanks

 

[SirDice]

I suspect you have some old keys.

Appendix D. OpenPGP Keys

List of OpenPGP keys of the FreeBSD officers are shown here

docs.freebsd.org

 

[BS:D]

Thanks SirDice, I imported the key today from a key server, is there a particular key server I should use? Does it make a difference importing from different key servers?

UPDATE: I imported the whole keyring and now the expires gone from GPG, much appreciated