
export-minimal unexpectedly omits expired key
Open, Needs Triage, Public

Description

Forwarding from a downstream bug (https://bugs.gentoo.org/967745).

export-minimal is sometimes used by e.g. distros saving a compacted keyring to a file, and expecting to later reinitialize a GnuPG installation and re-verify a signed file.

It's okay in such a case for the keyring to be expired (but bad for it to be revoked) as long as the signature itself was created before the expiration.

The documentation implies that this will work, as it says:

Export the smallest key possible. This removes all signatures except the most recent self-signature on each user ID. This option is the same as running the --edit-key command "minimize" before export except that the local copy of the key is not modified. Defaults to no.

I.e., it doesn't say anything about expiry there. Because the documentation disagrees with the implementation, we aren't sure whether to fix GnuPG or fix our tooling. If GnuPG is behaving as expected, is there a way to achieve compaction without losing this information?

Reproducer with the key for linux-pam:

#!/bin/bash
set -x

export GNUPGHOME="$(mktemp -d)"

wget -q https://raw.githubusercontent.com/linux-pam/linux-pam/b7ba550110f2f93fabb50976ea920fcb656c9a8e/pgp.keys.asc -O pam.asc
gpg --import pam.asc

gpg --export --armor > pam.asc.new
gpg --export-options export-minimal --export --armor > pam.asc.new-minimal
$ diff -u <(pgpdump pam.asc.new) <(pgpdump pam.asc.new-minimal)
[...]
-Old: Public Subkey Packet(tag 14)(525 bytes)
-       Ver 4 - new
-       Public key creation time - Wed Oct 21 11:51:42 BST 2015
-       Pub alg - RSA Encrypt or Sign(pub 1)
-       RSA n(4096 bits) - ...
-       RSA e(17 bits) - ...
[...]

This means that the resulting export-minimal key cannot be used to verify https://github.com/linux-pam/linux-pam/releases/download/v1.7.1/Linux-PAM-1.7.1.tar.xz against https://github.com/linux-pam/linux-pam/releases/download/v1.7.1/Linux-PAM-1.7.1.tar.xz.asc.
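Added check, not part of this report or of GnuPG itself: a small Python parser that walks the OpenPGP packet stream of a binary export (the output of gpg --export without --armor) and reports which Public-Subkey packets present in the full export are missing from the export-minimal one, so tooling can detect the loss before saving a compacted keyring. The packets at the bottom are a constructed sample with toy key bodies, not the linux-pam key.

```python
import hashlib

def iter_packets(data):
    """Yield (tag, body) for a binary OpenPGP packet stream (RFC 4880 4.2); old- and
    new-format headers are handled, partial/indeterminate lengths raise."""
    i = 0
    while i < len(data):
        ctb, i = data[i], i + 1
        if not ctb & 0x80:
            raise ValueError("not a packet header at offset %d" % (i - 1))
        if ctb & 0x40:                                    # new-format header
            tag, first, i = ctb & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body length not supported")
        else:                                             # old-format header
            tag, n = (ctb >> 2) & 0x0F, (1, 2, 4, 0)[ctb & 0x03]
            if n == 0:
                raise ValueError("indeterminate length not supported")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def v4_fingerprint(key_body):
    """V4 fingerprint: SHA-1 over 0x99, two-octet body length, then the key body."""
    return hashlib.sha1(b"\x99" + len(key_body).to_bytes(2, "big") + key_body).hexdigest().upper()

def subkey_fingerprints(export):
    """Fingerprints of every Public-Subkey packet (tag 14) in a binary export."""
    return {v4_fingerprint(b) for tag, b in iter_packets(export) if tag == 14}

def dropped_subkeys(full_export, minimal_export):
    """Subkeys present in the full export but missing from the minimal one."""
    return subkey_fingerprints(full_export) - subkey_fingerprints(minimal_export)

# Constructed sample (not the linux-pam key): old-format packets with toy v4 RSA bodies.
def old_pkt(tag, body):
    return bytes([0x80 | (tag << 2) | 1]) + len(body).to_bytes(2, "big") + body
def key_body(created):   # version 4, creation time, RSA (alg 1), two tiny MPIs
    return b"\x04" + created.to_bytes(4, "big") + b"\x01\x00\x10\xC0\x01\x00\x11\x01\x00\x01"
HEAD = old_pkt(6, key_body(1400000000)) + old_pkt(13, b"Example User <user@example.invalid>")
SUBKEY_A = old_pkt(14, key_body(1445424702))   # stands in for the expired subkey
SUBKEY_B = old_pkt(14, key_body(1500000000))
FULL_EXPORT = HEAD + SUBKEY_A + SUBKEY_B
MINIMAL_EXPORT = HEAD + SUBKEY_B                 # what export-minimal kept
```

On real data, read both exports from files with open(path, "rb").read() and fail the build if dropped_subkeys() is non-empty and a signature to be verified was made by one of the listed subkeys.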

Event Timeline

thesamesam updated the task description.