Currently (for some time now) when running 'update' in aptitude the following error is reported:

A: GPG error: https://www.semanticmerge.com ./ Release: The following signatures are not valid: KEYEXPIRED 1442157655

Of course, this has nothing to do with 'aptitude'.

A new key needs to be provided and packages need to be signed with that key.

The way Debian and Ubuntu do this is to have a separate package which is signed with the old key, and, when needed, delivers the new keys, then, after that package is available, the new key can be used for signing.