community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ross Gardler (MS OPEN TECH)" <Ross.Gard...@microsoft.com>
Subject RE: Source signed by someone not on your list
Date Wed, 03 Jun 2015 19:49:07 GMT
Thank you for your email, this is very helpul. I'm copying the open office project team for
their information.

Ross

-----Original Message-----
From: tensizes [mailto:tensizes@gmail.com] 
Sent: Wednesday, June 3, 2015 12:44 PM
To: dev@community.apache.org
Subject: Source signed by someone not on your list

Hi,

This is a security heads-up.  After downloading the latest release of Apache Open Office and
checking the key, I found it was signed by someone not on your published KEYS file list of
contributors, someone named Jeurgen Schmidt

His/her pgp key id is 51B5FDE8

The release file is from mirror http://mirrors.gigenet.com
Filename: apache-openoffice-4.1.1-r1617669-src.tar.bz2

Either Jeurgen Schmidt has been left off of your list, or they have been signing sources without
permission.

Thanks for your development efforts,
tensizes
Mime
View raw message