Hi Daniel, On Mon, Jul 13, 2020 at 8:27 AM Daniel Shahaf <danielsh@apache.org> wrote: > > a debian/upstream/signing-key.asc file > which contains an expired snapshot of upstream's signing key Did uscan give you any trouble when trying to validate upstream's release signature? Kind regards Felix Lechner