-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all
I recently noticed a GPG key on the public key servers supposedly for
my name and email address that I did not create or control (key id
9708D9A2). As I sometimes sign OpenSSL releases I thought it was worth
reminding everyone that the only
On 04/11/2014 11:30, Matt Caswell wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi all
I recently noticed a GPG key on the public key servers supposedly for
my name and email address that I did not create or control (key id
9708D9A2). As I sometimes sign OpenSSL releases I thought it
Thanks for the detailed feedback!
1. The list of applicable signing keys included in the tarballs and elsewhere
only lists the fingerprints
We'll fix that.
2. The list seems kind of long, are all these people really authorized to
decide which release tarballs are real?
Yes any member of
On Tue, Nov 04, 2014 at 02:39:41PM -0500, Salz, Rich wrote:
Thanks for the detailed feedback!
1. The list of applicable signing keys included in the tarballs and
elsewhere only lists the fingerprints
We'll fix that.
I don't think their is anything wrong with fingerprints. However
I