On Thu, Aug 21, 2014 at 03:44:50PM +0100, Matt Caswell wrote: > On 21 August 2014 14:57, Marcus Meissner <meiss...@suse.de> wrote: > > > Hi, > > > > The 1.0.1i tarball is signed by a different key than the previous releases > > that were signed by Dr Stephen Henson. > > > > $ gpg openssl-1.0.1i.tar.gz.asc > > gpg: Signature made Wed Aug 6 23:18:48 2014 CEST using RSA key ID 0E604491 > > gpg: please do a --check-trustdb > > gpg: Good signature from "Matt Caswell <m...@openssl.org>" > > gpg: aka "Matt Caswell <fr...@baggins.org>" > > > > $ gpg --list-sigs 0E604491 > > pub 2048R/0E604491 2013-04-30 > > uid Matt Caswell <m...@openssl.org> > > sig 3 0E604491 2014-08-03 Matt Caswell <m...@openssl.org> > > uid Matt Caswell <fr...@baggins.org> > > sig 3 0E604491 2013-04-30 Matt Caswell <m...@openssl.org> > > sub 2048R/E3C21B70 2013-04-30 > > sig 0E604491 2013-04-30 Matt Caswell <m...@openssl.org> > > > > Is this a good signature? > > > > Well, assuming you'll take my word for it, the official list of team keys > is on the website: > > https://www.openssl.org/about/ > > ...and... > > https://www.openssl.org/docs/misc/fingerprints.txt
It is mostly a suggestion to do some gpg signing if you meet each other and also widen the signature circle ;) I see this as confirmation that you did sign the 1.0.1i release tarballs. Ciao, Marcus ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org