Hi, The 1.0.1i tarball is signed by a different key than the previous releases that were signed by Dr Stephen Henson.
$ gpg openssl-1.0.1i.tar.gz.asc gpg: Signature made Wed Aug 6 23:18:48 2014 CEST using RSA key ID 0E604491 gpg: please do a --check-trustdb gpg: Good signature from "Matt Caswell <[email protected]>" gpg: aka "Matt Caswell <[email protected]>" $ gpg --list-sigs 0E604491 pub 2048R/0E604491 2013-04-30 uid Matt Caswell <[email protected]> sig 3 0E604491 2014-08-03 Matt Caswell <[email protected]> uid Matt Caswell <[email protected]> sig 3 0E604491 2013-04-30 Matt Caswell <[email protected]> sub 2048R/E3C21B70 2013-04-30 sig 0E604491 2013-04-30 Matt Caswell <[email protected]> Is this a good signature? I would have hoped at least some inter team cross gpg signing, or a signature by Dr Stephen Henson. Ciao, Marcus ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
