new version of gnupg signed with different key?
Joerg Schmitz-Linneweber
joerg at schmitz-linneweber.de
Fri Feb 17 13:12:30 CET 2006
Hi!
Am Donnerstag, 16. Februar 2006 22:11 schrieb privacy.at Anonymous Remailer:
> gnupg-1.4.2.tar.bz2.sig was signed with key 0x57548DCD
> but
> gnupg-1.4.2.1.tar.bz2.sig is signed with 0x1CE0C630, which is not in
> turned signed with the old key. Why? How do we verify it's
> trustworthy?
Werner? What happend? I saw it's tagged as a "(dist sig) <dd9jn at ...>" but why
did you changed your policy? [Are you on ham radio btw. :-) ?]
I did a short review on the diff from 1.4.2 and it seems there are only the
changes regarding the mentioned vuln. and I think Werner (et.al) switched
from CVS to Subversion.... :-) Right?
Salut, Joerg
--
gpg/pgp key # 0xd7fa4512
fingerprint 4e89 6967 9cb2 f548 a806 7e8b fcf4 2053 d7fa 4512
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20060217/b3b839b8/attachment.pgp
More information about the Gnupg-users
mailing list