Hi, The 1.0.1i tarball is signed by a different key than the previous releases that were signed by Dr Stephen Henson.
$ gpg openssl-1.0.1i.tar.gz.asc gpg: Signature made Wed Aug 6 23:18:48 2014 CEST using RSA key ID 0E604491 gpg: please do a --check-trustdb gpg: Good signature from "Matt Caswell <m...@openssl.org>" gpg: aka "Matt Caswell <fr...@baggins.org>" $ gpg --list-sigs 0E604491 pub 2048R/0E604491 2013-04-30 uid Matt Caswell <m...@openssl.org> sig 3 0E604491 2014-08-03 Matt Caswell <m...@openssl.org> uid Matt Caswell <fr...@baggins.org> sig 3 0E604491 2013-04-30 Matt Caswell <m...@openssl.org> sub 2048R/E3C21B70 2013-04-30 sig 0E604491 2013-04-30 Matt Caswell <m...@openssl.org> Is this a good signature? I would have hoped at least some inter team cross gpg signing, or a signature by Dr Stephen Henson. Ciao, Marcus ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
