community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ross Gardler (MS OPEN TECH)" <>
Subject RE: Source signed by someone not on your list
Date Wed, 03 Jun 2015 19:49:07 GMT
Thank you for your email, this is very helpul. I'm copying the open office project team for
their information.


-----Original Message-----
From: tensizes [] 
Sent: Wednesday, June 3, 2015 12:44 PM
Subject: Source signed by someone not on your list


This is a security heads-up.  After downloading the latest release of Apache Open Office and
checking the key, I found it was signed by someone not on your published KEYS file list of
contributors, someone named Jeurgen Schmidt

His/her pgp key id is 51B5FDE8

The release file is from mirror
Filename: apache-openoffice-4.1.1-r1617669-src.tar.bz2

Either Jeurgen Schmidt has been left off of your list, or they have been signing sources without

Thanks for your development efforts,
View raw message