https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7765
--- Comment #2 from Arjen de Korte <build+apa...@de-korte.org> --- The reason for submitting this bug, was the following text on https://spamassassin.apache.org/downloads.cgi?update=201809160000 "GPG Signing Key If you want to use GPG to verify the downloads listed above, please use the SpamAssassin Release GPG Keys to verify them." The rules file is one of the files mentioned above and is listed with a GPG signature. It is mentioned nowhere on this page that verifying this archive requires a different key. -- You are receiving this mail because: You are the assignee for the bug.