expired GPG key for TeX Live 2020

dany111 at email.it dany111 at email.it
Wed May 6 17:49:45 CEST 2020

as I said in the first message, I downloaded texlive2020.iso. When I verify the sha512 with gpg signature, I receive this message

gpg: Signature made 04/06/20 15:40:20 ora legale Europa occidentale
gpg:                using RSA key 4CE1877E19438C70
gpg: Good signature from "TeX Live Distribution <tex-live at tug.org>" [unknown]
gpg: Note: This key has expired!
Primary key fingerprint: C78B 82D8 C795 12F7 9CC0  D7C8 0D5E 5D91 06BA B6BC
    Subkey fingerprint: D8F2 F860 57A8 57E4 2A88  106A 4CE1 877E 1943 8C70

I refreshed keys from gpg but nothing changed. Then I tried to retrieve the keys from other keyservers, given that in another message (https://tug.org/pipermail/tex-live/2020-April/045332.html) I read that the expired key was renewed so I thought it was my problem.

Given that I don't have tlmgr yet, where could I get the correct key to import and verify the sha512 with gpg signature?

Best regards 

> I thought the key is always updated all the key servers. However, even though I import the key from this keyserver again, gpg always tells me that the key used for the signature has expired. I don't know how to proceed.

We don't use any keyservers for verification in TeX Live. Thus,
keyservers **might** be up to date or not. As I said already, we *ship*
the public key.

How to you check the verification status? Do you use tlmgr? If yes, then
it should use the --homedir where we ship the public key.

Which version of TeX Live are you using.


PREINING Norbert                              https://www.preining.info
Accelia Inc. + IFMGA ProGuide + TU Wien + JAIST + TeX Live + Debian Dev
GPG: 0x860CDC13   fp: F7D8 A928 26E3 16A1 9FA0 ACF0 6CAC A448 860C DC13

More information about the tex-live mailing list.