The upstream developers have replaced the OpenPGP key they sign their releases
with. The new key is signed with the old key, but GnuPG makes that ridiculously
difficult to verify. The expiry date of the old key must be extended so that
there is an interval where both keys are valid, and the system clock must be
set to a date in that interval.
To verify the new key, set the system clock to a date between 2018-10-23 and
2019-10-15, import all three key files with gpg2 --import, and then use
gpg2 --check-sigs.
· Upgraded to version 0.3.3.
· Run the testsuite, except for one test that doesn't work in Koji.
· Don't run chrpath; it seems that it's no longer needed.
· Changed the URLs to use HTTPS, which the upstream website now supports.
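
The result of the gpg2 --check-sigs step described above can be read from GnuPG's machine-readable listing instead of by eye. The following is an added example, not part of the original message or of the package: it parses `gpg2 --check-sigs --with-colons` output and reports whether the new key carries a good certification from the old key. The sample listing and key IDs are constructed placeholders, and the function names are hypothetical.

```python
# Added example: interpret `gpg2 --check-sigs --with-colons` output.
# Field layout follows GnuPG's doc/DETAILS: in a "sig" record, field 2 is the
# check result, field 5 the issuer key ID, field 11 the signature class.

CERT_CLASSES = {"10", "11", "12", "13"}  # OpenPGP certification types (hex)
STATUS = {"!": "good", "-": "bad", "?": "signing key not in keyring", "%": "error"}

# Constructed sample listing; key IDs are placeholders, not the upstream keys.
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1540252800:::-:::scESC:
uid:-::::1540252800::::New release key (constructed):
sig:!::1:AAAAAAAAAAAAAAAA:1540252800::::New release key (constructed):13x:
sig:!::1:BBBBBBBBBBBBBBBB:1540339200::::Old release key (constructed):10x:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1540252800:::-:::scESC:
uid:-::::1540252800::::Unrelated key (constructed):
sig:?::1:DDDDDDDDDDDDDDDD:1540339200::::[User ID not found]:10x:
"""


def certifications(colons, target_keyid):
    """Return {issuer_keyid: status} for third-party certifications on target_keyid."""
    result, current = {}, None
    target = target_keyid.upper()
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            current = f[4].upper()          # start of a new key block
        elif f[0] == "sig" and current == target and len(f) > 10:
            issuer, sigclass = f[4].upper(), f[10][:2].lower()
            if issuer == current or sigclass not in CERT_CLASSES:
                continue                    # skip self-signatures and non-certifications
            if result.get(issuer) != "good":  # one good signature is sufficient
                result[issuer] = STATUS.get(f[1], "not checked")
    return result


def new_key_vouched_by_old(colons, new_keyid, old_keyid):
    """True only if old_keyid made a certification on new_keyid that gpg marked good."""
    return certifications(colons, new_keyid).get(old_keyid.upper()) == "good"


if __name__ == "__main__":
    print(certifications(SAMPLE, "AAAAAAAAAAAAAAAA"))
    print(new_key_vouched_by_old(SAMPLE, "AAAAAAAAAAAAAAAA", "BBBBBBBBBBBBBBBB"))
```

A status other than "good" means the certification was not verified; "signing key not in keyring" in particular indicates that the old key file was not imported before the check.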