Currently published (hkps://pgp.surfnet.nl hkps://keyserver.ubuntu.com hkps://keys.openpgp.org hkps://pgpkeys.eu) BF3A87D91B70BE32CAD64A2645D0CAA6D26B0F7D expired:
pub rsa4096 2023-01-05 [SC] [expired: 2025-01-04]
BF3A87D91B70BE32CAD64A2645D0CAA6D26B0F7D
uid [ expired] Open Source <opensource@palantir.com>
but it was used to sign com/palantir/javaformat/palantir-java-format/2.68.0/palantir-java-format-2.68.0.jar:
gpg: Signature made Mon 09 Jun 2025 14:58:49 CEST
gpg: using RSA key 45D0CAA6D26B0F7D
gpg: Good signature from "Open Source <opensource@palantir.com>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: BF3A 87D9 1B70 BE32 CAD6 4A26 45D0 CAA6 D26B 0F7D
Signature was made AFTER key expiration time. This suggests to me, the key has been updated locally (at the place signatures are made) but its new version was not published to servers.
Currently published (hkps://pgp.surfnet.nl hkps://keyserver.ubuntu.com hkps://keys.openpgp.org hkps://pgpkeys.eu) BF3A87D91B70BE32CAD64A2645D0CAA6D26B0F7D expired:
but it was used to sign com/palantir/javaformat/palantir-java-format/2.68.0/palantir-java-format-2.68.0.jar:
Signature was made AFTER key expiration time. This suggests to me, the key has been updated locally (at the place signatures are made) but its new version was not published to servers.