Thank you Samuli. I mis-read the description and thought that your "new
key" was being used for all Windows releases. The download verified
correctly with the mailing list key.
-Lefty
On Fri, Oct 27, 2017 at 12:31 AM, Samuli Seppänen <sam...@openvpn.net>
wrote:
> On 27/10/2017 08:20, Lefty wrote:
> > Hi all,
> >
> > I recently downloaded the openvpn-install-2.4.4-I601.exe Windows
> > installer, along with the openvpn-install-2.4.4-I601.exe.asc signature
> file.
> >
> > I imported Samuli's new key ( fingerprint 6D04 F8F1 B017 3111 F499 795E
> > 2958 4D9F 4086 4578).
> > When I run PGP I get the following output:
> >
> > gpg: armor header: Version: GnuPG v1
> > gpg: assuming signed data in 'openvpn-install-2.4.4-I601.exe'
> > gpg: Signature made 09/26/17 06:19:55 Pacific Daylight Time
> > gpg: using RSA key D72AF3448CC2B034
> > gpg: Can't check signature: No public key
> >
> > It appears the installer has been signed with the "Security Mailing List
> > GPG Key" instead of the key described on the sig page.
> >
> > Am I doing the verification wrong?
> > Any suggestions much appreciated!
> >
> > -Lefty
> >
>
> Hi,
>
> There's a link to the Security Mailing List key on the GnuPG public key
> page:
>
> <https://openvpn.net/index.php/open-source/documentation/sig.html>
>
> As mentioned on that page the Security Mailing List key has been used to
> sign releases from 2.3.16 and 2.4.3 onwards.
>
> I hope we don't have to shuffle the keys anymore in the near future.
>
> --
> Samuli Seppänen
> Community Manager
> OpenVPN Technologies, Inc
>
> irc freenode net: mattock
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
