On 21 August 2014 14:57, Marcus Meissner <[email protected]> wrote: > Hi, > > The 1.0.1i tarball is signed by a different key than the previous releases > that were signed by Dr Stephen Henson. > > $ gpg openssl-1.0.1i.tar.gz.asc > gpg: Signature made Wed Aug 6 23:18:48 2014 CEST using RSA key ID 0E604491 > gpg: please do a --check-trustdb > gpg: Good signature from "Matt Caswell <[email protected]>" > gpg: aka "Matt Caswell <[email protected]>" > > $ gpg --list-sigs 0E604491 > pub 2048R/0E604491 2013-04-30 > uid Matt Caswell <[email protected]> > sig 3 0E604491 2014-08-03 Matt Caswell <[email protected]> > uid Matt Caswell <[email protected]> > sig 3 0E604491 2013-04-30 Matt Caswell <[email protected]> > sub 2048R/E3C21B70 2013-04-30 > sig 0E604491 2013-04-30 Matt Caswell <[email protected]> > > Is this a good signature? >
Well, assuming you'll take my word for it, the official list of team keys is on the website: https://www.openssl.org/about/ ...and... https://www.openssl.org/docs/misc/fingerprints.txt Matt
