On Fri, Jan 09, 2009, Vineet Kumar wrote: > > Before taking in the patch for the recent security advisory for > vulnerability CVE-2008-5077, I want to verify its authenticity using GPG. > However, I get this: > *********** > % (gpg --list-keys 89A36572 > /dev/null 2>&1 || gpg --recv-keys 89A36572) > && gpg --verify openssl_dsa_advisory.asc > gpg: Signature made Wed 07 Jan 2009 05:00:43 AM PST using RSA key ID > F295C759 > gpg: Can't check signature: public key not found >
We don't use that shared key. That was signed with my key with ID F295C759. See http://www.openssl.org/about/ Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org
