community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tensizes <>
Subject Source signed by someone not on your list
Date Wed, 03 Jun 2015 19:44:21 GMT

This is a security heads-up.  After downloading the latest release of
Apache Open Office and checking the key, I found it was signed by someone
not on your published KEYS file list of contributors, someone named Jeurgen

His/her pgp key id is 51B5FDE8

The release file is from mirror
Filename: apache-openoffice-4.1.1-r1617669-src.tar.bz2

Either Jeurgen Schmidt has been left off of your list, or they have been
signing sources without permission.

Thanks for your development efforts,

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message