On Fri 07-10-12 15:02, Keith Thompson wrote: [...] > That's not the only problem. As of a few minutes ago, there were > two versions of the "openssl-0.9.8f.tar.gz.asc" file, one on the ftp > server and another on the web server. Both are signed by the same key > (which is *not* the key used for previous releases), but the one on > the ftp server is incorrect. But that appears to have been corrected > now (while I was writing this message). > > Also, the "openssl-0.9.8f.tar.gz.asc" file is actually a *binary* > signature, not an ASCII signature as the name implies. (Previous *.asc > files have been ASCII signatures.)
The key used to generate openssl-0.9.8f.tar.gz.asc (key ID 2719AF35) appears to belong to Ben Laurie, who is a member of the OpenSSL core team, but it's not the same key advertised on <http://openssl.org/about/> (key ID 2118CF83). -- Keith Thompson <[EMAIL PROTECTED]> San Diego Supercomputer Center <http://users.sdsc.edu/~kst/> 858-822-0853 "We must do something. This is something. Therefore, we must do this." -- Antony Jay and Jonathan Lynn, "Yes Minister" ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
