Hi, This is a security heads-up. After downloading the latest release of Apache Open Office and checking the key, I found it was signed by someone not on your published KEYS file list of contributors, someone named Jeurgen Schmidt
His/her pgp key id is 51B5FDE8 The release file is from mirror http://mirrors.gigenet.com Filename: apache-openoffice-4.1.1-r1617669-src.tar.bz2 Either Jeurgen Schmidt has been left off of your list, or they have been signing sources without permission. Thanks for your development efforts, tensizes
