Return-Path: Delivered-To: apmail-db-derby-user-archive@www.apache.org Received: (qmail 65272 invoked from network); 21 May 2009 02:22:24 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 21 May 2009 02:22:24 -0000 Received: (qmail 23888 invoked by uid 500); 21 May 2009 02:22:37 -0000 Delivered-To: apmail-db-derby-user-archive@db.apache.org Received: (qmail 23857 invoked by uid 500); 21 May 2009 02:22:37 -0000 Mailing-List: contact derby-user-help@db.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Reply-To: "Derby Discussion" Delivered-To: mailing list derby-user@db.apache.org Received: (qmail 23849 invoked by uid 99); 21 May 2009 02:22:36 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 May 2009 02:22:36 +0000 X-ASF-Spam-Status: No, hits=2.2 required=10.0 tests=HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: unknown (athena.apache.org: error in processing during lookup of tsakai@gallo.ucsf.edu) Received: from [63.193.204.12] (HELO mail12.egcrc.net) (63.193.204.12) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 21 May 2009 02:22:25 +0000 X-MimeOLE: Produced By Microsoft Exchange V6.5 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C9D9BA.EEA007F7" Subject: RE: newbie confused about "verifying release" Date: Wed, 20 May 2009 19:22:04 -0700 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: newbie confused about "verifying release" Thread-Index: AcnZI4DPWKU17zOSSU2eduseFWpQfQAljhl+ References: <200905201017.18937.k.huwig@iku-ag.de> From: "Tena Sakai" To: "Kurt Huwig" , X-Virus-Checked: Checked by ClamAV on apache.org This is a multi-part message in MIME format. ------_=_NextPart_001_01C9D9BA.EEA007F7 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi Kurt, Many thanks for your reply. I redid everything by downloading the .gz file, .gz.asc, and .gz.md5. I was a bit skeptical, but to my surprise I was able to produce exactly the same thing as you did. [tsakai@vixen Derby]$ gpg --refresh-keys . . gpg: Total number processed: 20 gpg: unchanged: 17 gpg: new user IDs: 5 gpg: new signatures: 263 [tsakai@vixen Derby]$ [tsakai@vixen Derby]$ gpg --update-trustdb gpg: checking at depth 0 signed=3D0 ot(-/q/n/m/f/u)=3D0/0/0/0/0/1 [tsakai@vixen Derby]$ [tsakai@vixen Derby]$ gpg --verify db-derby-10.5.1.1-src.tar.gz.asc gpg: Signature made Tue 14 Apr 2009 02:27:52 PM PDT using DSA key ID = 37AA956A gpg: Good signature from "Myrna van Lunteren " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the = owner. Primary key fingerprint: 66C3 0B69 5415 91E3 A777 F84D 0E13 F75A 37AA = 956A [tsakai@vixen Derby]$ [tsakai@vixen Derby]$ md5sum db-derby-10.5.1.1-src.tar.gz f5c2d8c6546757243e2c8cf79fd944fe db-derby-10.5.1.1-src.tar.gz [tsakai@vixen Derby]$ [tsakai@vixen Derby]$ cat db-derby-10.5.1.1-src.tar.gz.md5 F5C2D8C6546757243E2C8CF79FD944FE [tsakai@vixen Derby]$ Thanks again. Regards, Tena Sakai tsakai@gallo.ucsf.edu -----Original Message----- From: Kurt Huwig [mailto:k.huwig@iku-ag.de] Sent: Wed 5/20/2009 1:17 AM To: derby-user@db.apache.org Cc: Tena Sakai Subject: Re: newbie confused about "verifying release" =20 Tena, I guess your download is broken. If I do the same, I get a GOOD = signature: kurt@pckurt:~/Install/Java$ LANG=3Den gpg --verify db-derby-10.5.1.1- src.tar.gz.asc gpg: Signature made Tue Apr 14 23:27:52 2009 CEST using DSA key ID = 37AA956A gpg: Good signature from "Myrna van Lunteren " gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the = owner. Primary key fingerprint: 66C3 0B69 5415 91E3 A777 F84D 0E13 F75A 37AA = 956A You should verify the download with MD5: kurt@pckurt:~/Install/Java$ md5sum db-derby-10.5.1.1-src.tar.gz f5c2d8c6546757243e2c8cf79fd944fe db-derby-10.5.1.1-src.tar.gz kurt@pckurt:~/Install/Java$ cat db-derby-10.5.1.1-src.tar.gz.md5 F5C2D8C6546757243E2C8CF79FD944FE Regarding the warning: as the others pointed out, you do not know if you = have=20 downloaded the original key of Myrna or a faked copy. Everybody can = create a=20 key that reads "Myrna van Lunteren ". Therefore = there=20 is something called the "web of trust" where people verify the = correctness of=20 a key and do a digital signature on it. For example if you'd trust my = GPG key=20 and I'd sign Myrna's key, then you could verify that you downloaded the=20 correct key by verifying my signature on the key you downloaded, because = this=20 is something that noone can fake. http://en.wikipedia.org/wiki/Web_of_Trust On Wednesday 20 May 2009 04:22:40 Tena Sakai wrote: > Hi Myrna, > Hi kathy, > > Thanks for your reply. I read what you pointed out to me and > I thought I understood what Knut Anders mentioned. Accordingly > I executed what was suggested, but I am left with the same > message as I posted the second time: > > [tsakai@vixen Derby]$ gpg --refresh-keys > gpg: refreshing 24 keys from hkp://subkeys.pgp.net > gpg: key FFCCF7B1: "Dyre Tjeldvoll " 3 new = signatures > gpg: key 37AA956A: "Myrna van Lunteren " not > changed gpg: key 5355D01C: "Dag H. Wanvik (Derby committer) > " 13 new signatures gpg: key 88D83722: "Andreas > Korneliussen " 1 new user ID gpg: key 88D83722: > "Andreas Korneliussen " 12 new signatures gpg: = can't > get key from keyserver: Connection timed out > gpg: key 0C8EBFBE: "David Van Couvering (My Apache Key) > " 19 new signatures gpg: key 98E21827: "Rick = Hillegas > " 7 new signatures gpg: key B1669287: "Kathey = Marsden > " not changed gpg: key 99586C26: "Jean T. = Anderson > (IBM) (adding IBM email) " 2 new user IDs gpg: key > 99586C26: "Jean T. Anderson (IBM) (adding IBM email) = " > 98 new signatures gpg: key 8E8367B1: "Satheesh Bandaram (Apache Derby > Project) " not changed gpg: can't get key from > keyserver: Connection timed out > gpg: key AB821FBC: "Andrew McIntyre " 3 new = user > IDs gpg: key AB821FBC: "Andrew McIntyre " 119 = new > signatures gpg: key AB1B7EE4: "Daniel John Debrunner = " > not changed gpg: no valid OpenPGP data found. > gpg: key AA0077B0: "Kev Jackson (apache key) " not > changed gpg: key C152431A: "Steve Loughran " 5 new > signatures gpg: can't get key from keyserver: Connection timed out > gpg: key 265B4C63: "Antoine Levy-Lambert (Apache Ant Committer) > " 4 new signatures gpg: key EDF62C35: "Magesh = Umasankar > " 1 new signature gpg: key 307A10A5: "Henri Gomez > " 7 new signatures gpg: key 397DCAD5: = "Henri > Gomez " 2 new signatures gpg: key = 697ECEDD: > "Henri Gomez " 1 new user ID gpg: key 697ECEDD: = "Henri > Gomez " 6 new signatures gpg: can't get key from > keyserver: Connection timed out > gpg: key FEECAAED: "Stefan Bodewig " 19 new > signatures gpg: Total number processed: 19 > gpg: unchanged: 5 > gpg: new user IDs: 7 > gpg: new signatures: 315 > [tsakai@vixen Derby]$ > [tsakai@vixen Derby]$ echo $? > 2 > [tsakai@vixen Derby]$ > [tsakai@vixen Derby]$ gpg --update-trustdb > gpg: checking at depth 0 signed=3D0 ot(-/q/n/m/f/u)=3D0/0/0/0/0/1 > [tsakai@vixen Derby]$ > [tsakai@vixen Derby]$ gpg --verify db-derby-10.5.1.1-src.tar.gz.asc > gpg: Signature made Tue 14 Apr 2009 02:27:52 PM PDT using DSA key ID > 37AA956A gpg: BAD signature from "Myrna van Lunteren > " [tsakai@vixen Derby]$ > > It appears that --refresh-keys indeed did stuff, although it took > a long time (which is evidenced by "Connection timed out" messages. > That said, it didn't seem to have changed the bottom line. I don't > like the line: > BAD signature from "Myrna van Lunteren " > It sounds a bit ominous and definite. > > Perhaps this is not something I should waste more time on? > > Regards, > > Tena Sakai > tsakai@gallo.ucsf.edu > > > -----Original Message----- > From: Myrna van Lunteren [mailto:m.v.lunteren@gmail.com] > Sent: Tue 5/19/2009 3:54 PM > To: Derby Discussion > Subject: Re: newbie confused about "verifying release" > > On Tue, May 19, 2009 at 2:43 PM, Tena Sakai = wrote: > > Hi, > > > > I am a newbie and just got started with derby. I was doing what = this > > page > > > > = http://db.apache.org/derby/releases/release-10.5.1.1.cgi#Verifying+releas= > >es instructed. > > [...snip...] > > > Here are responses from the two commands: > > [tsakai@vixen Derby]$ gpg --import KEYS > > [...snip...] > > > gpg: key FFCCF7B1: "Dyre Tjeldvoll " not changed > > gpg: Total number processed: 13 > > gpg: unchanged: 13 > > [tsakai@vixen Derby]$ > > [tsakai@vixen Derby]$ gpg --verify = db-derby-10.5.1.1-src.tar.gz.asc > > gpg: Signature made Tue 14 Apr 2009 02:27:52 PM PDT using DSA key = ID > > 37AA956A > > gpg: Good signature from "Myrna van Lunteren = " > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to = the > > owner. > > Primary key fingerprint: 66C3 0B69 5415 91E3 A777 F84D 0E13 F75A = 37AA > > 956A > > [tsakai@vixen Derby]$ > > > > What I don't understand is at the bottom: > > gpg: WARNING: This key is not certified with a trusted signature! > > gpg: There is no indication that the signature belongs to = the > > owner. > > > > Can someone please clue me in? Is this good, bad, neutral? > > Should I do something (and if so, what)? Should I ignore and move = on? > > > > Thank you in advance. > > > > Regards, > > > > Tena Sakai > > tsakai@gallo.ucsf.edu > > You're not the first to ever have been confused by this. There was a > thread on our derby-developers list on this issue a long time ago, re > 10.4.2.0, see: > http://www.mail-archive.com/derby-dev@db.apache.org/msg62800.html > > Knut Anders' response in the final mail on that thread is helpful; > " Note that gpg told you that the signature was good. What it > warned you about, was that you didn't trust anyone who had signed = Rick's > key. You can update your trust db with "gpg --update-trustdb"." > > In this case, it appears it is *my* signature that is not known by > 'you' or anyone 'you' (your pgp program, that is) know. But as I > understand it, that's still ok. > > Myrna --=20 Mit freundlichen Gr=FC=DFen Kurt Huwig (Vorstand) Telefon 0681 / 3 72 00 36 - 50 http://www.iku-ag.de/ Telefax 0681 / 3 72 00 36 - 59 iKu Systemhaus AG, Altenkesseler Stra=DFe 17/Geb=E4ude C1, 66115 = Saarbr=FCcken Amtsgericht: Saarbr=FCcken, HRB 13240 Vorstand: Kurt Huwig Aufsichtsratsvorsitzender: Jan Bankstahl GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940 EB6D 4C32 F908 99DD 9468 ------_=_NextPart_001_01C9D9BA.EEA007F7 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable RE: newbie confused about "verifying release"

Hi Kurt,

Many thanks for your reply.

I redid everything by downloading the .gz file,
.gz.asc, and .gz.md5.  I was a bit skeptical,
but to my surprise I was able to produce exactly
the same thing as you did.

  [tsakai@vixen Derby]$ gpg --refresh-keys
            &= nbsp;         .
            &= nbsp;         .
  gpg: Total number processed: 20
  = gpg:           &nb= sp;  unchanged: 17
  gpg:           = new user IDs: 5
  gpg:         new = signatures: 263
  [tsakai@vixen Derby]$
  [tsakai@vixen Derby]$ gpg --update-trustdb
  gpg: checking at depth 0 signed=3D0 = ot(-/q/n/m/f/u)=3D0/0/0/0/0/1
  [tsakai@vixen Derby]$
  [tsakai@vixen Derby]$ gpg --verify = db-derby-10.5.1.1-src.tar.gz.asc
  gpg: Signature made Tue 14 Apr 2009 02:27:52 PM PDT using DSA key = ID 37AA956A
  gpg: Good signature from "Myrna van Lunteren = <m.v.lunteren@gmail.com>"
  gpg: WARNING: This key is not certified with a trusted = signature!
  gpg:          There = is no indication that the signature belongs to the owner.
  Primary key fingerprint: 66C3 0B69 5415 91E3 A777  F84D 0E13 = F75A 37AA 956A
  [tsakai@vixen Derby]$
  [tsakai@vixen Derby]$ md5sum db-derby-10.5.1.1-src.tar.gz
  f5c2d8c6546757243e2c8cf79fd944fe  = db-derby-10.5.1.1-src.tar.gz
  [tsakai@vixen Derby]$
  [tsakai@vixen Derby]$ cat db-derby-10.5.1.1-src.tar.gz.md5
  F5C2D8C6546757243E2C8CF79FD944FE
  [tsakai@vixen Derby]$

Thanks again.

Regards,

Tena Sakai
tsakai@gallo.ucsf.edu


-----Original Message-----
From: Kurt Huwig [mailto:k.huwig@iku-ag.de]
Sent: Wed 5/20/2009 1:17 AM
To: derby-user@db.apache.org
Cc: Tena Sakai
Subject: Re: newbie confused about "verifying release"

Tena,

I guess your download is broken. If I do the same, I get a GOOD = signature:

kurt@pckurt:~/Install/Java$ LANG=3Den gpg --verify = db-derby-10.5.1.1-
src.tar.gz.asc
gpg: Signature made Tue Apr 14 23:27:52 2009 CEST using DSA key ID = 37AA956A
gpg: Good signature from "Myrna van Lunteren = <m.v.lunteren@gmail.com>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no = indication that the signature belongs to the owner.
Primary key fingerprint: 66C3 0B69 5415 91E3 A777  F84D 0E13 F75A = 37AA 956A

You should verify the download with MD5:

kurt@pckurt:~/Install/Java$ md5sum db-derby-10.5.1.1-src.tar.gz
f5c2d8c6546757243e2c8cf79fd944fe  db-derby-10.5.1.1-src.tar.gz
kurt@pckurt:~/Install/Java$ cat db-derby-10.5.1.1-src.tar.gz.md5
F5C2D8C6546757243E2C8CF79FD944FE

Regarding the warning: as the others pointed out, you do not know if you = have
downloaded the original key of Myrna or a faked copy. Everybody can = create a
key that reads "Myrna van Lunteren = <m.v.lunteren@gmail.com>". Therefore there
is something called the "web of trust" where people verify the = correctness of
a key and do a digital signature on it. For example if you'd trust my = GPG key
and I'd sign Myrna's key, then you could verify that you downloaded = the
correct key by verifying my signature on the key you downloaded, because = this
is something that noone can fake.

http://en.wikipedia.or= g/wiki/Web_of_Trust

On Wednesday 20 May 2009 04:22:40 Tena Sakai wrote:
> Hi Myrna,
> Hi kathy,
>
> Thanks for your reply.  I read what you pointed out to me = and
> I thought I understood what Knut Anders mentioned.  = Accordingly
> I executed what was suggested, but I am left with the same
> message as I posted the second time:
>
>   [tsakai@vixen Derby]$ gpg --refresh-keys
>   gpg: refreshing 24 keys from hkp://subkeys.pgp.net
>   gpg: key FFCCF7B1: "Dyre Tjeldvoll = <dyre@apache.org>" 3 new signatures
>   gpg: key 37AA956A: "Myrna van Lunteren = <m.v.lunteren@gmail.com>" not
> changed gpg: key 5355D01C: "Dag H. Wanvik (Derby = committer)
> <dag@apache.org>" 13 new signatures gpg: key 88D83722: = "Andreas
> Korneliussen <andreask@apache.org>" 1 new user ID gpg: = key 88D83722:
> "Andreas Korneliussen <andreask@apache.org>" 12 new = signatures gpg: can't
> get key from keyserver: Connection timed out
>   gpg: key 0C8EBFBE: "David Van Couvering (My Apache = Key)
> <davidvc@apache.org>" 19 new signatures gpg: key = 98E21827: "Rick Hillegas
> <rhillegas@apache.org>" 7 new signatures gpg: key = B1669287: "Kathey Marsden
> <kmarsden@apache.org>" not changed gpg: key 99586C26: = "Jean T. Anderson
> (IBM) (adding IBM email) <jander@us.ibm.com>" 2 new user = IDs gpg: key
> 99586C26: "Jean T. Anderson (IBM) (adding IBM email) = <jander@us.ibm.com>"
> 98 new signatures gpg: key 8E8367B1: "Satheesh Bandaram = (Apache Derby
> Project) <satheesh@Sourcery.Org>" not changed gpg: can't = get key from
> keyserver: Connection timed out
>   gpg: key AB821FBC: "Andrew McIntyre = <fuzzylogic@apache.org>" 3 new user
> IDs gpg: key AB821FBC: "Andrew McIntyre = <fuzzylogic@apache.org>" 119 new
> signatures gpg: key AB1B7EE4: "Daniel John Debrunner = <djd@debrunners.com>"
> not changed gpg: no valid OpenPGP data found.
>   gpg: key AA0077B0: "Kev Jackson (apache key) = <kevj@apache.org>" not
> changed gpg: key C152431A: "Steve Loughran = <stevel@apache.org>" 5 new
> signatures gpg: can't get key from keyserver: Connection timed = out
>   gpg: key 265B4C63: "Antoine Levy-Lambert (Apache = Ant Committer)
> <antoine@apache.org>" 4 new signatures gpg: key = EDF62C35: "Magesh Umasankar
> <umagesh@apache.org>" 1 new signature gpg: key 307A10A5: = "Henri Gomez
> <hgomez@users.sourceforge.net>" 7 new signatures gpg: = key 397DCAD5: "Henri
> Gomez <hgomez@users.sourceforge.net>" 2 new signatures = gpg: key 697ECEDD:
> "Henri Gomez <hgomez@apache.org>" 1 new user ID = gpg: key 697ECEDD: "Henri
> Gomez <hgomez@apache.org>" 6 new signatures gpg: can't = get key from
> keyserver: Connection timed out
>   gpg: key FEECAAED: "Stefan Bodewig = <bodewig@apache.org>" 19 new
> signatures gpg: Total number processed: 19
>   = gpg:           &nb= sp;  unchanged: 5
>   = gpg:           new = user IDs: 7
>   gpg:         = new signatures: 315
>   [tsakai@vixen Derby]$
>   [tsakai@vixen Derby]$ echo $?
>   2
>   [tsakai@vixen Derby]$
>   [tsakai@vixen Derby]$ gpg --update-trustdb
>   gpg: checking at depth 0 signed=3D0 = ot(-/q/n/m/f/u)=3D0/0/0/0/0/1
>   [tsakai@vixen Derby]$
>   [tsakai@vixen Derby]$ gpg --verify = db-derby-10.5.1.1-src.tar.gz.asc
>   gpg: Signature made Tue 14 Apr 2009 02:27:52 PM PDT = using DSA key ID
> 37AA956A gpg: BAD signature from "Myrna van Lunteren
> <m.v.lunteren@gmail.com>" [tsakai@vixen Derby]$
>
> It appears that --refresh-keys indeed did stuff, although it = took
> a long time (which is evidenced by "Connection timed out" = messages.
> That said, it didn't seem to have changed the bottom line.  I = don't
> like the line:
>   BAD signature from "Myrna van Lunteren = <m.v.lunteren@gmail.com>"
> It sounds a bit ominous and definite.
>
> Perhaps this is not something I should waste more time on?
>
> Regards,
>
> Tena Sakai
> tsakai@gallo.ucsf.edu
>
>
> -----Original Message-----
> From: Myrna van Lunteren [mailto:m.v.lunteren@gmail.com]=
> Sent: Tue 5/19/2009 3:54 PM
> To: Derby Discussion
> Subject: Re: newbie confused about "verifying = release"
>
> On Tue, May 19, 2009 at 2:43 PM, Tena Sakai = <tsakai@gallo.ucsf.edu> wrote:
> > Hi,
> >
> > I am a newbie and just got started with derby.  I was = doing what this
> > page
> >
> > http://db.apache.org/derby/releases/release-10.5.1.1.cgi#Verify= ing+releas
> >es instructed.
>
> [...snip...]
>
> > Here are responses from the two commands:
> >   [tsakai@vixen Derby]$ gpg --import KEYS
>
> [...snip...]
>
> >   gpg: key FFCCF7B1: "Dyre Tjeldvoll = <dyre@apache.org>" not changed
> >   gpg: Total number processed: 13
> >   = gpg:           &nb= sp;  unchanged: 13
> >   [tsakai@vixen Derby]$
> >   [tsakai@vixen Derby]$ gpg --verify = db-derby-10.5.1.1-src.tar.gz.asc
> >   gpg: Signature made Tue 14 Apr 2009 02:27:52 PM = PDT using DSA key ID
> > 37AA956A
> >   gpg: Good signature from "Myrna van Lunteren = <m.v.lunteren@gmail.com>"
> >   gpg: WARNING: This key is not certified with a = trusted signature!
> >   = gpg:          There is no = indication that the signature belongs to the
> > owner.
> >   Primary key fingerprint: 66C3 0B69 5415 91E3 = A777  F84D 0E13 F75A 37AA
> > 956A
> >   [tsakai@vixen Derby]$
> >
> > What I don't understand is at the bottom:
> >   gpg: WARNING: This key is not certified with a = trusted signature!
> >   = gpg:          There is no = indication that the signature belongs to the
> > owner.
> >
> > Can someone please clue me in?  Is this good, bad, = neutral?
> > Should I do something (and if so, what)?  Should I ignore = and move on?
> >
> > Thank you in advance.
> >
> > Regards,
> >
> > Tena Sakai
> > tsakai@gallo.ucsf.edu
>
> You're not the first to ever have been confused by this. There was = a
> thread on our derby-developers list on this issue a long time ago, = re
> 10.4.2.0, see:
> http://www.mail-archive.com/derby-dev@db.apache.org/msg62800.html >
> Knut Anders' response in the final mail on that thread is = helpful;
> " Note that gpg told you that the signature was good. What = it
> warned you about, was that you didn't trust anyone who had signed = Rick's
> key. You can update your trust db with "gpg = --update-trustdb"."
>
> In this case, it appears it is *my* signature that is not known = by
> 'you' or anyone 'you' (your pgp program, that is) know. But as = I
> understand it, that's still ok.
>
> Myrna

--
Mit freundlichen Gr=FC=DFen

Kurt Huwig = (Vorstand)          &nb= sp;          Telefon 0681 / = 3 72 00 36 - 50
http://www.iku-ag.de/   = ;            =       Telefax 0681 / 3 72 00 36 - 59

iKu Systemhaus AG, Altenkesseler Stra=DFe 17/Geb=E4ude C1, 66115 = Saarbr=FCcken
Amtsgericht: Saarbr=FCcken, HRB 13240
Vorstand: Kurt = Huwig            = Aufsichtsratsvorsitzender: Jan Bankstahl

GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940  EB6D 4C32 F908 99DD = 9468

------_=_NextPart_001_01C9D9BA.EEA007F7--