On 21 August 2014 14:57, Marcus Meissner <meiss...@suse.de> wrote: > Hi, > > The 1.0.1i tarball is signed by a different key than the previous releases > that were signed by Dr Stephen Henson. > > $ gpg openssl-1.0.1i.tar.gz.asc > gpg: Signature made Wed Aug 6 23:18:48 2014 CEST using RSA key ID 0E604491 > gpg: please do a --check-trustdb > gpg: Good signature from "Matt Caswell <m...@openssl.org>" > gpg: aka "Matt Caswell <fr...@baggins.org>" > > $ gpg --list-sigs 0E604491 > pub 2048R/0E604491 2013-04-30 > uid Matt Caswell <m...@openssl.org> > sig 3 0E604491 2014-08-03 Matt Caswell <m...@openssl.org> > uid Matt Caswell <fr...@baggins.org> > sig 3 0E604491 2013-04-30 Matt Caswell <m...@openssl.org> > sub 2048R/E3C21B70 2013-04-30 > sig 0E604491 2013-04-30 Matt Caswell <m...@openssl.org> > > Is this a good signature? >
Well, assuming you'll take my word for it, the official list of team keys is on the website: https://www.openssl.org/about/ ...and... https://www.openssl.org/docs/misc/fingerprints.txt Matt