https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #18 from Justin Mason <[email protected]> 2010-01-19 04:05:41 UTC --- (In reply to comment #16) > +1 > > You didn't add a mention of the two locations where the file can be found as I > suggested in comment #10, but that was just a suggestion. hmm. I missed that -- sorry :( > However, I see that you cut the final 3.3.0 tarball before committing this. Is > it really ok to have rules/sa-update.txt say that the release key is different > from the one used to sign the release? the current rules/sa-update.txt (as in the release) says: This is the GPG key that updates are signed with (currently, as of Wed Dec 21 19:31:38 PST 2005. Please contact <dev /at/ spamassassin.apache.org> with any questions. and it's this key: : 204...; gpg -v rules/sa-update-pubkey.txt gpg: armor header: Version: GnuPG v1.4.2 (SunOS) pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key <[email protected]> sig 5244EC45 2005-12-20 [selfsig] sub 4096R/24F434CE 2005-12-20 sig 5244EC45 2005-12-20 [keybind] sig 5244EC45 2008-01-10 [keybind] this key is not changing (aside from the addition of cross-signatures). so there's no issue there; the released sa-update-pubkey.txt file will still be correct without this patch. > Perhaps the release announcement ahould be amended to tell people to get the > new release key from http://www.apache.org/dist/spamassassin/KEYS ? That way > anyone who is careful about checking will be up to date before they get as far > as looking at rules/sa-update.txt. I'll change the release announcement as you suggested on the dev list. -- Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug.
