I wanted to upgrade to the latest version of Anki to see, whether there are some fixes for my problems in there, but then got this:
$ gpg -verify anki-2.1.38-checksums.txt
gpg: Note: signature key 0xD50853A92213E772 expired 2018-03-09T21:39:04 GMT
gpg: Note: signature key 0xD50853A92213E772 expired 2018-03-09T21:39:04 GMT
gpg: Note: signature key 0xD50853A92213E772 expired 2018-03-09T21:39:04 GMT
gpg: using classic trust model
gpg: using subkey 0xBB0E935417898967 instead of primary key 0xFC3B3781031161FF
gpg: please do a --check-trustdb
gpg: 0xBB0E935417898967: There is no assurance this key belongs to the named user
sub rsa4096/0xBB0E935417898967 2010-09-10 Jose Junior <jose.junior@shopify.com>
Primary key fingerprint: 8EF5 5F93 5CC8 1778 9760 7405 FC3B 3781 0311 61FF
Subkey fingerprint: F653 51A7 7A41 EF8D 1650 90A7 BB0E 9354 1789 8967
It is NOT certain that the key belongs to the person named
in the user ID. If you *really* know what you are doing,
you may answer the next question with yes.
Use this key anyway? (y/N) y
gpg: reading from 'anki-2.1.38-checksums.txt'
gpg: writing to 'anki-2.1.38-checksums.txt.gpg'
gpg: RSA/AES256 encrypted for: "0xBB0E935417898967 José de Paula Eufrásio Júnior <jose.junior@gmail.com>"
Now I am a bit worried: Is this as things should be? Am I doing something stupid? Where can I find more information about who this guy really is - he is not given credit in the list of contributors or anywhere. Can someone please shed some light on this issue?