This folder (cdn/gpg/privex/archived) contains ARCHIVED public keys.

These keys are only kept for historical purposes, for things such as verifying statements, documents,
or articles which were GPG signed BEFORE THE KEY EXPIRED.

Do not trust anything which has been signed or encrypted/decrypted by the keys in this folder
after their expiration date.

Be aware, sometimes keys are in this folder which haven't yet reached their expiry date, or don't have
an expiry date. There are many reasons for non-expired keys to be in here:

 1. The most common reason, is simply that the key is very close to their expiration date (close being relative
    to how long the expiration was - could be a few days, a week, a month, or up to 6 months),
    and they have been replaced with a new key.

    Keys which are close to expiration, do not get placed into the archive folder until they have a valid
    replacement available for use.

 2. The key(s) were compromised. While this is generally an unlikely reason for a key to be archived,
    such an event is certainly a potential risk. If we're aware of a GPG key being compromised, then we'll
    move it from the active area of the folder, to the archived/expired area of the folder.

 3. A change in staff membership. This is a similar reason to #2 - if staff members who had access to a GPG key
    leave the organisation which that key belonged to (e.g. a support key shared among staff), then for security,
    the organisation may re-issue the key, to ensure the ex-staff members cannot do any harm with the key(s).