Package: qa.debian.org Severity: wishlist Hello,
the upstream signing key debian/upstream/signing-key.asc might have expired. It seems the process that leads to the DDPO dashboard happily ignores such a situation and continues operation. While this shouldn't do harm in the rare case of hijacking as the package maintainer should be careful in the work anyway, it was helpful if the DDPO page could place an extra warning like "Signature validation failed" or "Signing key expired" here. Optionally even "... will expire soon". Example: libgpg-error (filed as #985793) <https://qa.debian.org/developer.php?login=pkg-gnupg-maint%40lists.alioth.debian.org> Related lintian bug: #964971 Christoph
signature.asc
Description: PGP signature
