Hi Juergen Schmidt was the release manager for the latest AOO releases so the key is valid.
If you use our official mirror through www.openoffice.org you should see that the key is legal. but thanks for being observant and reporting your findings. rgds jan i v.p. apache openoffice On Wednesday, June 3, 2015, tensizes <tensi...@gmail.com> wrote: > Hi, > > This is a security heads-up. After downloading the latest release of > Apache Open Office and checking the key, I found it was signed by someone > not on your published KEYS file list of contributors, someone named Jeurgen > Schmidt > > His/her pgp key id is 51B5FDE8 > > The release file is from mirror http://mirrors.gigenet.com > Filename: apache-openoffice-4.1.1-r1617669-src.tar.bz2 > > Either Jeurgen Schmidt has been left off of your list, or they have been > signing sources without permission. > > Thanks for your development efforts, > tensizes > -- Sent from My iPad, sorry for any misspellings.
