PGP key used to sign BB 4.2.0-0 shows expired?

Forums: 
Forum tags: 

In your instructions on verifying the source file, you mention D/L'g your key & importing into our keyring (in Linux, many use Seahorse).
If I made a mistake here, I apologize.

But when I d/l the latest key on SF & import it, gpg gives msg, "key D6D447B02B4D4C9D: "Andrew Ziem " not changed."
That is true - I had that key & gpg says it is expired (confirmed in my keyring app).

Now, I have a later? key for you that never expires, but gpg is saying the package bleachbit_4.2.0-0_all_ubuntu2004.deb, was SIGNED w/ the key (ID) above (ending in 4c9d).

The file I D/L'd: bleachbit_4.2.0-0_all_ubuntu2004.deb

Signature made Sat 30 Jan 2021 01:57:13 PM CST
gpg: using RSA key A9E582E4054A159315EDC943D6D447B02B4D4C9D
gpg: Good signature from "Andrew Ziem " [expired]
gpg: Note: This key has expired!

It appeared to expire on 05/24/2021.
The key I have that never expires has fingerprint
BEAD 694C 98D9 F228 1A9F 7487 5141 6DE6 0E68 87FD
It appears you need to re-sign packages released after the expiration date (if all were signed w/ expired key ID ending in 4c9d).

BleachBit version: 
4.2.0-0
Your operating system: 
Mint 20.1

A search at pgp.key-server.io shows the key 2B4D4C9D was extended to May 2023 before it expired.

The BleachBit docs link to the gnupg.net keyserver, so I tried to check that, but it is temporarily down.

---
Andrew, lead developer