Debian packages are signed with an expired key
Currently (for some time now) when running 'update' in aptitude the following error is reported:
A: GPG error: https://www.semanticmerge.com ./ Release: The following signatures are not valid: KEYEXPIRED 1442157655
Of course, this has nothing to do with 'aptitude'.
A new key needs to be provided and packages need to be signed with that key.
The way Debian and Ubuntu do this is to have a separate package which is signed with the old key, and, when needed, delivers the new keys, then, after that package is available, the new key can be used for signing.