community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tensizes <tensi...@gmail.com>
Subject Source signed by someone not on your list
Date Wed, 03 Jun 2015 19:44:21 GMT
Hi,

This is a security heads-up.  After downloading the latest release of
Apache Open Office and checking the key, I found it was signed by someone
not on your published KEYS file list of contributors, someone named Jeurgen
Schmidt

His/her pgp key id is 51B5FDE8

The release file is from mirror http://mirrors.gigenet.com
Filename: apache-openoffice-4.1.1-r1617669-src.tar.bz2

Either Jeurgen Schmidt has been left off of your list, or they have been
signing sources without permission.

Thanks for your development efforts,
tensizes

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message