explain somewhere that in some cases the signing key may have to be updated
_Originally created by @goupille on [#13634 (Redmine)](https://public-redmine-archive.tails.boum.org/code/issues/13634)_
In the documentation to download and verify the ISO with GnuPG
(<http://tails.boum.org/install/download/openpgp)>, it is said that
> If you are doing the verification for the first time, download the
Tails signing key and import it in your keyring. If you are working from
Tails, the signing key is already included.
If a user have downloaded the signing key a long time ago, or uses an
old Tails release, it may not be up to date, and therefore the
verification ends up with a “this key is expired” error. A lot of users
keep using this method to verify the ISO and send us bug reports or
emails, worried about our signing key not being valid anymore.
I think I’ll add an entry to the FAQ about this, but I doubt it will
avoid all these users from sending bug reports… If the documentation
suggested the users to update the signing key before verifying the ISO,
it would solve the issue.
### Related issues
- **Related to** tails/tails#14977
- **Has duplicate** tails/tails#14711
- **Has duplicate** tails/tails#15448
issue