[Major Bug] leap-archive keyring expired

Scenario: Installing bitmask client via apt

  • Given I am using Debian 9
  • And I have installed the keyring 'sudo apt install leap-archive-keyring'
  • And I have updated my sources to track STABLE 'sudo sh -c 'echo "deb http://deb.leap.se/client release stretch" > /etc/apt/sources.list.d/bitmask.list' && sudo apt update'
  • When I install bitmask 'sudo apt install bitmask'
  • Then I expect all packages and dependencies to be authenticated

Actual output:

WARNING: The following packages cannot be authenticated!
  python-leap-common python-sqlcipher soledad-common soledad-client bitmask-core bitmask-js bitmask-qt bitmask-vpn bitmask-mail bitmask

Needless to say users should NOT override the authentication warning and install.

Scenario: Verifying bitmask downloaded binary

  • Given I am using Debian 9
  • And I have installed the keyring 'sudo apt install leap-archive-keyring'
  • And I have updated my sources to track STABLE 'sudo sh -c 'echo "deb http://deb.leap.se/client release stretch" > /etc/apt/sources.list.d/bitmask.list' && sudo apt update'
  • And I have downloaded the latest stable binaries and asc file 'wget https://dl.bitmask.net/client/linux/stable/Bitmask-linux64-latest.tar.gz'
  • When I verify the download 'gpg --verify Bitmask-linux64-latest.tar.gz.asc'
  • Then I expect the signature to be good
  • And I expect the key to be valid

Actual output:

gpg: assuming signed data in 'Bitmask-linux64-latest.tar.gz'
gpg: Signature made Thu 02 Nov 2017 06:22:34 PM GMT
gpg:                using RSA key 1E453B2CE87BEE2F7DFE99661E34A1828E207901
gpg: Good signature from "LEAP archive signing key <sysdev@leap.se>" [expired]
gpg: Note: This key has expired!

Again, users should NOT ignore key-expiry messages at any cost. This seems to be related to Issue 9269: Error Unauthorized

Edited by Varac
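
Added example (not part of the original report and not LEAP project code): a shell function that classifies the machine-readable status lines from `gpg --status-fd 1 --verify`, so a script fails on the expired-key case shown in the second scenario instead of stopping at "Good signature". The function names, the verdict words and the sample status lines are constructed for illustration; the long key ID is the tail of the fingerprint printed in the report.

```shell
#!/bin/sh
# Real use (file name taken from the report):
#   gpg --status-fd 1 --verify Bitmask-linux64-latest.tar.gz.asc 2>/dev/null \
#       | classify_gpg_status || echo "refusing to install"

# Reads GnuPG status lines on stdin and prints one verdict word.
# Returns 0 only when a good signature was seen and no status line reported
# a bad, unverifiable, expired or revoked signature or key.
classify_gpg_status() {
    verdict="no-signature"
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] BADSIG "*)    verdict="bad-signature" ;;
            "[GNUPG:] ERRSIG "*)    verdict="unverifiable" ;;
            "[GNUPG:] REVKEYSIG "*) verdict="revoked-key" ;;
            "[GNUPG:] EXPKEYSIG "*) verdict="expired-key" ;;
            "[GNUPG:] EXPSIG "*)    verdict="expired-signature" ;;
            "[GNUPG:] GOODSIG "*)
                # A good signature never overrides an earlier failure.
                if [ "$verdict" = "no-signature" ]; then verdict="good"; fi ;;
        esac
        # Once any failure is recorded, stop reading so nothing can mask it.
        case "$verdict" in
            no-signature|good) ;;
            *) break ;;
        esac
    done
    printf '%s\n' "$verdict"
    [ "$verdict" = "good" ]
}

# Constructed sample: the status lines that correspond to the
# 'Good signature ... [expired]' output in the report.
sample_expired_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] EXPKEYSIG 1E34A1828E207901 LEAP archive signing key <sysdev@leap.se>
EOF
}

# Constructed sample: the same signature as it would look with a valid key.
sample_good_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1E34A1828E207901 LEAP archive signing key <sysdev@leap.se>
EOF
}
```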