Hi I decided to do an ascii re-install of Devuan Chimera and was not
able to verify the download completely. The shasum was good but the
verification failed due to an expired key. This is a log of my
terminal activity after downloading the iso and keys files through
firefox:
~/Downloads/Devuan $
sha256 -C SHASUMS.txt devuan_chimaera_4.0.0_amd64_minimal-live.iso
(SHA256) devuan_chimaera_4.0.0_amd64_minimal-live.iso: OK
~/Downloads/Devuan $
gpg --import devuan-devs.gpg
gpg: key 27B9FAA4EBAA93A1: 3 signatures not checked due to missing keys
gpg: key 27B9FAA4EBAA93A1: public key "Daniel Reurich (Centurion_Dan)
<daniel@???>" imported
gpg: key D95DDF2BF71AAAEB: 2 signatures not checked due to missing keys
gpg: key D95DDF2BF71AAAEB: public key "fsmithred (aka fsr)
<fsmithred@???>" imported
gpg: key 73B35DA54ACB7D10: 15 signatures not checked due to missing keys
gpg: key 73B35DA54ACB7D10: public key "Denis Roio (Jaromil)
<jaromil@???>" imported
gpg: key 5F20B3AE0B5F062F: 17 signatures not checked due to missing keys
gpg: key 5F20B3AE0B5F062F: public key "Vincenzo (KatolaZ) Nicosia
<katolaz@???>" imported
gpg: key DFEDF580D6132D50: 29 signatures not checked due to missing keys
gpg: key DFEDF580D6132D50: public key "Franco Lanza (nextime)
<franco@???>" imported
gpg: key B876CB44FA1B0274: public key "parazyd <parazyd@???>" imported
gpg: key A73823D3094C5620: 1 signature not checked due to a missing key
gpg: key A73823D3094C5620: public key "fsmithred (aka fsr)
<fsmithred@???>" imported
gpg: key 70285BA5CF280BA4: public key "Ralph Ronnquist (rrq)
<ralph.ronnquist@???>" imported
gpg: Total number processed: 8
gpg: imported: 8
gpg: marginals needed: 3 completes needed: 1 trust model: pgp
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
~/Downloads/Devuan $
gpg --verify SHASUMS.txt.asc
gpg: assuming signed data in 'SHASUMS.txt'
gpg: Signature made Fri Oct 15 01:26:06 2021 BST
gpg: using RSA key 67F5013216271E85C251E480A73823D3094C5620
gpg: Good signature from "fsmithred (aka fsr) <fsmithred@???>" [expired]
gpg: Note: This key has expired!
Primary key fingerprint: 67F5 0132 1627 1E85 C251 E480 A738 23D3 094C 5620
Many Thanks
PS this was done on an OpenBSD system so the sha256 command is a
little different.