GPG commit signing key expired

[LucidOne]

$ git verify-commit a92d46b4c923e431bafb71cf55bc3abd3a9bb405
gpg: Signature made Sat 29 Dec 2018 07:43:58 AM EST
gpg:                using RSA key 868184069239FF65DE0BCD7DD9BAE35991DE5B22
gpg: Good signature from "Szczepan Zalega <szczepan.zalega@gmail.com>" [expired]
gpg:                 aka "Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 8681 8406 9239 FF65 DE0B  CD7D D9BA E359 91DE 5B22

$ gpg --list-keys 868184069239FF65DE0BCD7DD9BAE35991DE5B22
pub   rsa4096 2016-01-11 [SC] [expired: 2019-01-10]
      868184069239FF65DE0BCD7DD9BAE35991DE5B22
uid           [ expired] Szczepan Zalega <szczepan.zalega@gmail.com>
uid           [ expired] Szczepan Zalega (Nitrokey) <szczepan@nitrokey.com>

[szszszsz]

Indeed, the key expired on 2019-01-10, but was extended. Please refresh your keys with:

gpg2 --refresh-keys

Closing as invalid, since this is not an issue from the source code POV.

[beerisgood]

@szszszsz your key expired today (2020-01-11) again

[szszszsz]

@beerisgood Yes, this time I have not extended it in time indeed (this is the first time actually). Thank you for notice. Just uploaded updated metadata. Will take a few hours to propagate probably.

[beerisgood]

You should also add your key to the new more secure key server: https://keys.openpgp.org/

[szszszsz]

Looks nice, added my key there - thank you. I see from the description it is more privacy focused, and I guess it is abuse-resistant due to not having SKS in design. It has emails verification, which is surely nice. Implementation being based on Rust is advantage too. Any other features I missed?

[beerisgood]

Email verification & privacy focused are the most important changes I guess. Nice that you finish that too!