Current color codes: https://dev.gnupg.org/T6869#200682
@ikloecker wrote some thoughts in https://dev.gnupg.org/T6869#200701:
Current state of discussion:
"Bad signature" (= file was changed) stays red.
Valid signature where the certificate is trusted stays green.
Currently with white background: Valid signatures (= technically correct) where the signing certificate:
a) is expired
b) is revoked
c) has no trusted certification
I was told the background color has been yellow in these cases in the past. Like in KMail.
Why did the color change?
ikl: This was changed in 2017 with rKLEOPATRA982c22a4737e: Use Normal color for verify with no information.
Before the background was changed to "normal" the "neutral" color was used. I think in the past the "neutral" color was yellow and it was later changed to orange in the standard color schemes of KDE.
And there have been decisions regarding the colors in the past, those should have been documented in the commit messages. Could somebody please check if there is something to be found there?
We could maybe think about making the color for an expired certificate less threatening than for "is revoked" or "has no trusted certification". As signatures which were made a long time ago with a recently expired certificate are likely ok.
But one has basically to check in all these cases if one wants to trust those signatures, depending on the circumstances.
And c) is easy to remedy. Maybe we should explain that case better to the user, but that has nothing to do with color.
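As an added illustration of the three verdict classes this thread distinguishes (example code, not from Kleopatra or GnuPG): a small Python classifier over `gpg --status-fd` lines. The status keywords (GOODSIG, BADSIG, EXPKEYSIG, EXPSIG, REVKEYSIG, TRUST_*) are GnuPG's; the verdict names and the sample lines are constructed here, and counting anything below TRUST_FULLY as "no trusted certification" is this example's own choice.

```python
import re

# Verdict classes from the colour discussion (the names are this example's):
#   BAD      signature does not match the data (stays red)
#   TRUSTED  technically valid, signing certificate trusted (stays green)
#   CAVEAT   technically valid but certificate expired / revoked /
#            without trusted certification (the disputed white-vs-yellow case)
BAD, TRUSTED, CAVEAT, UNKNOWN = "bad", "trusted", "caveat", "unknown"

# One GnuPG status line: "[GNUPG:] KEYWORD [args...]"
STATUS_RE = re.compile(r"^\[GNUPG:\]\s+(\S+)(?:\s+(.*))?$")

def status_keywords(lines):
    """Extract status keywords from gpg --status-fd output; other lines are ignored."""
    found = []
    for line in lines:
        m = STATUS_RE.match(line.strip())
        if m:
            found.append(m.group(1))
    return found

def classify(lines):
    """Map the status lines of one verification to (verdict, reason).

    A BADSIG wins outright; otherwise a revoked key, then an expired key or
    signature, then missing trust decide the caveat. Anything below
    TRUST_FULLY counts as 'no trusted certification' in this example."""
    kw = set(status_keywords(lines))
    if "BADSIG" in kw:
        return BAD, "file was changed"
    if not kw & {"GOODSIG", "EXPKEYSIG", "REVKEYSIG", "EXPSIG"}:
        return UNKNOWN, "no signature verdict"
    if "REVKEYSIG" in kw:
        return CAVEAT, "revoked"
    if kw & {"EXPKEYSIG", "EXPSIG"}:
        return CAVEAT, "expired"
    if kw & {"TRUST_FULLY", "TRUST_ULTIMATE"}:
        return TRUSTED, "certificate trusted"
    return CAVEAT, "no trusted certification"

# Constructed sample status output (placeholder key ID and user ID, not real).
KEY, UID = "0123456789ABCDEF", "Example User <user@example.org>"
SAMPLES = {
    "bad": ["[GNUPG:] NEWSIG", f"[GNUPG:] BADSIG {KEY} {UID}"],
    "trusted": [f"[GNUPG:] GOODSIG {KEY} {UID}", "[GNUPG:] TRUST_FULLY 0 pgp"],
    "expired": [f"[GNUPG:] EXPKEYSIG {KEY} {UID}", "[GNUPG:] TRUST_FULLY 0 pgp"],
    "revoked": [f"[GNUPG:] REVKEYSIG {KEY} {UID}", "[GNUPG:] TRUST_UNDEFINED 0 pgp"],
    "untrusted": [f"[GNUPG:] GOODSIG {KEY} {UID}", "[GNUPG:] TRUST_UNDEFINED 0 pgp"],
}

if __name__ == "__main__":
    for name, lines in SAMPLES.items():
        print(f"{name:10s} -> {classify(lines)}")
```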