diff --git a/docs/usage/list.rst b/docs/usage/list.rst
index e168faf46..e0a9b7ca2 100644
--- a/docs/usage/list.rst
+++ b/docs/usage/list.rst
@@ -27,11 +27,11 @@ Examples
     -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.text
     ...
 
-    $ borg list archiveA --pattern 're:\.ext$'
+    $ borg list archiveA --pattern '+ re:\.ext$' --pattern '- re:^.*$'
     -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
     ...
 
-    $ borg list archiveA --pattern 're:.ext$'
+    $ borg list archiveA --pattern '+ re:.ext$' --pattern '- re:^.*$'
     -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.ext
     -rw-rw-r-- user   user    1416192 Sun, 2015-02-01 11:00:00 code/myproject/file.text
     ...
diff --git a/scripts/upload-pypi b/scripts/upload-pypi
index ba84e78d4..afd6acdcc 100755
--- a/scripts/upload-pypi
+++ b/scripts/upload-pypi
@@ -15,4 +15,4 @@ fi
 
 D=dist/borgbackup-$R.tar.gz
 
-twine upload "$D.asc" "$D"
+twine upload "$D"
diff --git a/src/borg/cache.py b/src/borg/cache.py
index d37db1814..966b3380a 100644
--- a/src/borg/cache.py
+++ b/src/borg/cache.py
@@ -1049,6 +1049,9 @@ class LocalCache(CacheStatsMixin):
         elif "m" in cache_mode:
             cmtime_type = "mtime"
             cmtime_ns = safe_ns(st.st_mtime_ns)
+        else:  # neither 'c' nor 'm' in cache_mode, avoid UnboundLocalError
+            cmtime_type = "ctime"
+            cmtime_ns = safe_ns(st.st_ctime_ns)
         entry = FileCacheEntry(
             age=0, inode=st.st_ino, size=st.st_size, cmtime=int_to_timestamp(cmtime_ns), chunk_ids=ids
         )
diff --git a/src/borg/crypto/key.py b/src/borg/crypto/key.py
index 76d225ec1..9386805b0 100644
--- a/src/borg/crypto/key.py
+++ b/src/borg/crypto/key.py
@@ -1,3 +1,4 @@
+import binascii
 import hmac
 import os
 import textwrap
@@ -615,7 +616,31 @@ class FlexiKey:
                 raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
             if fd.read(len(repo_id)) != repo_id:
                 raise KeyfileMismatchError(self.repository._location.canonical_path(), filename)
-            return filename
+        # we get here if it really looks like a borg key for this repo,
+        # do some more checks that are close to how borg reads/parses the key.
+        with open(filename, "r") as fd:
+            lines = fd.readlines()
+            if len(lines) < 2:
+                logger.warning(f"borg key sanity check: expected 2+ lines total. [{filename}]")
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+            if len(lines[0].rstrip()) > len(file_id) + len(repo_id):
+                logger.warning(f"borg key sanity check: key line 1 seems too long. [{filename}]")
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+            key_b64 = "".join(lines[1:])
+            try:
+                key = a2b_base64(key_b64)
+            except binascii.Error:
+                logger.warning(f"borg key sanity check: key line 2+ does not look like base64. [{filename}]")
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+            if len(key) < 20:
+                # this is in no way a precise check, usually we have about 400b key data.
+                logger.warning(
+                    f"borg key sanity check: binary encrypted key data from key line 2+ suspiciously short."
+                    f" [{filename}]"
+                )
+                raise KeyfileInvalidError(self.repository._location.canonical_path(), filename)
+        # looks good!
+        return filename
 
     def find_key(self):
         if self.STORAGE == KeyBlobStorage.KEYFILE: