When I try to verify the signature on openvpn-2.3.16.tar.gz (using
openvpn-2.3.16.tar.gz.asc) from the "Downloads" page [1], I get the
following:
gpg: assuming signed data in `XXX/openvpn-2.3.16.tar.gz'
gpg: Signature made Thu May 18 16:56:48 2017 EDT using RSA key ID 8CC2B034
gpg: Can't check signature: public key not found
The signatures on openvpn-2.3.15.tar.gz (downloaded last week) and on
openvpn-2.4.2.tar.gz both verify fine.
I think this is because Samuli's new key's ID is not 8CC2B034, it is
40864578 (if I understand correctly what is meant by "ID".)
Is 8CC2B034 the "Security mailing list GPGP key" on the "GnuPG Public
Key" page [2]? The link on that page to that key is broken (and
includes Javascript!).
Best regards,
Jon
[1] https://openvpn.net/index.php/open-source/downloads.html
[2] https://openvpn.net/index.php/open-source/documentation/sig.html
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
