The MX Linux team has reported that one of the GPG digital signatures on a repository expired before it was caught and renewed. The signature is used to verify package downloads to insure software packages are not corrupted or tampered with prior to the package arriving on the user's system. The MX Linux blog has tips for MX users impacted by the expired signature. "Recently the GPG signatures on one of the upstream repositories expired before it could be renewed. A fix should have propagated to all mirrors by now, and may require action on your part to correct. For unknown reasons, the correct solution appears to vary somewhat by user, so multiple methods are given here that have proved to be successful..." The four methods for dealing with the signature can be found in the project's blog post.