You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by bu...@bugzilla.spamassassin.org on 2008/06/16 20:34:56 UTC
[Bug 5924] New: key infrastructure for sa-update is not properly
specified
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Summary: key infrastructure for sa-update is not properly
specified
Product: Spamassassin
Version: 3.2.4
Platform: Other
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P5
Component: sa-update
AssignedTo: dev@spamassassin.apache.org
ReportedBy: support@oeko.net
In SA 3.2.2, the SA Release Team key was used to sign SA rules updates. In SA
3.2.4, this seems to no longer be true, and/or the key and signature checking
by more recent versions of GnuPG could have become stricter. In any case,
running sa-update with the newer version fails due to an invalid signature.
The man page for sa-update mentions that the rule updates are signed by the SA
Release Team's key, but the corresponding wiki page specifies a different key.
It would be imho very much desirable to have some way to learn, and distribute,
authorized keys, so users (like me) can learn that this or that key is indeed
sanctioned to sign the rule update (or at least, rule updates done by the SA
Release Team). Currently, no such thing appears to be available.
I'd like to see something similar like the "Debian Keyring", but for works of
the SpamAssassin project, so I can adapt to eg. changing group members by
upgrading my keyring package in a secure way. Simply going to the wiki and
using cut&paste on the keys mentioned there does not carry the same amount of
confidence.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #12 from Justin Mason <jm...@jmason.org> 2010-01-15 07:14:50 UTC ---
I don't think that change needs to block rc3
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #42 from Darxus <Da...@ChaosReigns.com> 2011-05-26 22:14:19 UTC ---
That file uses Justin Mason's header, and adds Adam Katz's signature:
$ gpg -v KEYS.new
gpg: armor header: Version: GnuPG v2.0.14 (GNU/Linux)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sig 6CB1BC68 2008-05-12 Alain Wolf <wo...@restkultur.ch>
sig 7DF1F870 2008-07-27 Frank C. Langbein <fr...@langbein.org>
sig E8B493D6 2011-02-08 Adam Katz (key for auto-gen content)
<an...@khopis.com>
sig F4AD9292 2011-05-09 Adam Katz <ad...@khopis.com>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason <jm...@jmason.org>
sig 265FA05B 2008-08-07 SpamAssassin Signing Key
<re...@spamassassin.org>
sig F7D39814 2010-01-16 SpamAssassin Project Management Committee
<pr...@spamassassin.apache.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2008-01-10 [keybind]
pub 4096R/F7D39814 2009-12-02 SpamAssassin Project Management Committee
<pr...@spamassassin.apache.org>
sig 54A2ACF1 2009-12-27 Warren Togami (Work) <wt...@redhat.com>
sig F4AD9292 2011-05-09 Adam Katz <ad...@khopis.com>
sig E8B493D6 2011-05-09 Adam Katz (key for auto-gen content)
<an...@khopis.com>
sig F7D39814 2009-12-02 [selfsig]
uid SpamAssassin Signing Key (Code Signing Key,
replacement for 1024D/265FA05B) <de...@spamassassin.apache.org>
sig 54A2ACF1 2009-12-27 Warren Togami (Work) <wt...@redhat.com>
sig 265FA05B 2009-12-02 SpamAssassin Signing Key
<re...@spamassassin.org>
sig F4AD9292 2011-05-09 Adam Katz <ad...@khopis.com>
sig E8B493D6 2011-05-09 Adam Katz (key for auto-gen content)
<an...@khopis.com>
sig F7D39814 2009-12-02 [selfsig]
sub 4096R/7B3265A5 2009-12-02
sig F7D39814 2009-12-02 [keybind]
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<re...@spamassassin.org>
[snipped signatures of the deprecated signing key]
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|security |
Component|Security |Libraries
AssignedTo|security@spamassassin.apach |dev@spamassassin.apache.org
|e.org |
--- Comment #28 from Justin Mason <jm...@jmason.org> 2010-01-27 03:16:36 UTC ---
reassigning, too
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Mark Martinec <Ma...@ijs.si> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard| |can be committed
--- Comment #40 from Mark Martinec <Ma...@ijs.si> 2011-05-11 12:56:07 UTC ---
The file should be updated together with Bug 6288 I think.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #15 from Mark Martinec <Ma...@ijs.si> 2010-01-18 16:24:17 UTC ---
+1 Looks fine.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4646|0 |1
is obsolete| |
--- Comment #21 from Justin Mason <jm...@jmason.org> 2010-01-19 04:32:22 UTC ---
Created an attachment (id=4650)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4650)
another new KEYS file, with URLs
'Shouldn't the file contain the text that is now in
http://www.apache.org/dist/spamassassin/KEYS file? Although I would add to that
both the URL http://www.apache.org/dist/spamassassin/KEYS and that a copy can
be found in rules/sa-update-pubkey.txt in the source distribution.'
as suggested -- this revision fixes that.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #18 from Justin Mason <jm...@jmason.org> 2010-01-19 04:05:41 UTC ---
(In reply to comment #16)
> +1
>
> You didn't add a mention of the two locations where the file can be found as I
> suggested in comment #10, but that was just a suggestion.
hmm. I missed that -- sorry :(
> However, I see that you cut the final 3.3.0 tarball before committing this. Is
> it really ok to have rules/sa-update.txt say that the release key is different
> from the one used to sign the release?
the current rules/sa-update.txt (as in the release) says:
This is the GPG key that updates are signed with (currently,
as of Wed Dec 21 19:31:38 PST 2005. Please contact <dev /at/
spamassassin.apache.org> with any questions.
and it's this key:
: 204...; gpg -v rules/sa-update-pubkey.txt
gpg: armor header: Version: GnuPG v1.4.2 (SunOS)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]
this key is not changing (aside from the addition of cross-signatures).
so there's no issue there; the released sa-update-pubkey.txt file will
still be correct without this patch.
> Perhaps the release announcement ahould be amended to tell people to get the
> new release key from http://www.apache.org/dist/spamassassin/KEYS ? That way
> anyone who is careful about checking will be up to date before they get as far
> as looking at rules/sa-update.txt.
I'll change the release announcement as you suggested on the dev list.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Kevin A. McGrail <km...@pccc.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kmcgrail@pccc.com
Target Milestone|3.3.2 |3.4.1
--- Comment #51 from Kevin A. McGrail <km...@pccc.com> ---
Moving all open bugs where target is defined and 3.4.0 or lower to 3.4.1 target
--
You are receiving this mail because:
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Darxus <Da...@ChaosReigns.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|enhancement |normal
--- Comment #50 from Darxus <Da...@ChaosReigns.com> 2011-10-05 19:36:32 UTC ---
Retargeting from 3.3.2 (released) to 3.4.0 (currently trunk). Just needs votes
and a commit. Changed priority from enhancement to normal.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #48 from Matus UHLAR - fantomas <uh...@fantomas.sk> 2011-06-07 06:02:49 UTC ---
+1 (doesn't bugzilla have its voting system?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #49 from Darxus <Da...@ChaosReigns.com> 2011-06-07 15:19:56 UTC ---
(In reply to comment #48)
> +1 (doesn't bugzilla have its voting system?
Yes. I had been wondering about that.
http://lists.osafoundation.org/pipermail/chandler-dev/2005-March/002566.html
I don't seem to have the "edit attachment" link this talks about.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4628|0 |1
is obsolete| |
--- Comment #13 from Justin Mason <jm...@jmason.org> 2010-01-16 15:45:14 UTC ---
Created an attachment (id=4646)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4646)
fixed
ok, this one contains _just_ the important keys and their direct sigs, and has
a text header. I suggest that this can be both the KEYS file on the dist site,
and the new rules/sa-update-pubkey.txt.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #30 from Justin Mason <jm...@jmason.org> 2010-01-29 08:54:03 UTC ---
Here's a replacement KEYS/GPG.KEY/pubkey.txt file that deals with Henk's
suggestion -- it contains my public key (as well as a couple of committers/pmc
members who have signed the 3 versions of signing keys, according to keyserver
hkp://subkeys.pgp.net).
Exported using:
gpg --export --armor F7D39814 5244EC45 265FA05B \
298BC7D0 54A2ACF1 > o
cat header o > KEYS_with_signers
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|key infrastructure for sa- |[review] cross-sign GPG
|update is not properly |keys, have an official SA
|specified |keyring
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #17 from Sidney Markowitz <si...@sidney.com> 2010-01-18 17:20:13 UTC ---
I just noticed that the new key also needs to be uploaded to
http://spamassassin.apache.org/updates/GPG.KEY as well as to
http://www.apache.org/dist/spamassassin/KEYS
And both have to be in place before the release announcement.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Sidney Markowitz <si...@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4663|0 |1
is obsolete| |
Attachment #4907|0 |1
is obsolete| |
--- Comment #44 from Sidney Markowitz <si...@sidney.com> 2011-06-04 02:56:22 UTC ---
Created attachment 4916
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=4916
KEYS file with just the necessary three, with my signing added
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
To make sure I understand the process, as long as the voting had been reset
all the way back to just 1 anyway, I signed the two unrevoked keys and
recreated from my keyring the file Darxus submitted. I also uploaded the newly
signed public keys to the keyservers. Like Adam, I am signing this comment
just because it is so cool to act all security-paranoid when doing things with
PGP keys. Or GPG keys. Whatever.
And this makes my implied vote explicit: +1
Sidney
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
iQEcBAEBAgAGBQJN6Z5WAAoJEK/R1BNiJeoSQucH/jfvvZcgFmgNkjQWx7HV+eat
EtovfH2Syj8wavFSeLbw5M4/8TGAw0Ep3R0GXlWI0LozDLTxKY9caCDgoFq1OFvt
aHsOMXvdWsPs0J+qpUMeSgqdrwU/o/VQkWNQNCB0zHOjXYBXms7nJRZRbdqx5KOR
3QdjX1l85NyRJEPS0kjePfoLUYPHGemLEQLUh2gSCU3dDWwpgekVXWYVanLHXmKl
Fl8iWhCtHyn7OXw5ejBGUYnjpnm6W/hu5/xjKZweiJeftTiik14l61j5TFybt2qO
SeVGSXd0xDzjJomydLzcyNpcL5Z6tR48GI/jntcPJ+Rzf0BivMn7hFteXJkHgeg=
=RQO1
-----END PGP SIGNATURE-----
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] key infrastructure for sa-update is not properly specified
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #3 from Justin Mason <jm...@jmason.org> 2008-08-07 01:42:21 PST ---
Created an attachment (id=4354)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4354)
new KEYS keyring file
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #45 from Darxus <Da...@ChaosReigns.com> 2011-06-04 03:23:02 UTC ---
I verified Sidney's KEYS file, looks good to me. Only change is, as he said,
the addition of his signatures to the non-expired keys.
These are created with, as JM said:
gpg --export --armor 5244EC45 F7D39814 265FA05B > KEYS.txt
And then just prepend the descriptive header with a text editor or cat.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Karsten Bräckelmann <gu...@rudersport.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Group|security |
Component|Security |Libraries
AssignedTo|security@spamassassin.apach |dev@spamassassin.apache.org
|e.org |
--- Comment #35 from Karsten Bräckelmann <gu...@rudersport.de> 2010-03-23 17:42:53 UTC ---
Moving back off of Security, which got changed by accident during the mass
Target Milestone move.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #8 from Warren Togami <wt...@redhat.com> 2010-01-11 08:43:36 UTC ---
Over 500 people signed the new signing key?
Without checking its photo id? =)
I suppose this is OK, but is including all 200KB really necessary?
+1
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #26 from Justin Mason <jm...@jmason.org> 2010-01-26 07:06:09 UTC ---
got a mail from Henk that needs addressing --
'Hi Justin,
the sig checker can't find public PGP key '24F434CE'
in any KEYS file ;
http://people.apache.org/~henkp/checker/sig.html#user-jm
Can you please add this public key to
/x1/www/www.apache.org/dist/spamassassin/KEYS
Thanks, regards,
Henk Penning'
so this may need more work.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4650|0 |1
is obsolete| |
--- Comment #29 from Justin Mason <jm...@jmason.org> 2010-01-29 08:35:33 UTC ---
Created an attachment (id=4662)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4662)
new KEYS file with direct signers' pubkeys
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4354|0 |1
is obsolete| |
--- Comment #7 from Justin Mason <jm...@jmason.org> 2010-01-07 15:09:38 UTC ---
Created an attachment (id=4628)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4628)
newer new KEYS keyring file
I previously regenerated the release signing key to use a 4096-bit RSA privkey,
4096R/7B3265A5, so this needed to be redone. I also took the opportunity to
verify cross-signing and update the signing keys from the keyservers. The
result is attached.
it's significantly larger (200k!). I think that's because the export includes
the entire web of trust -- so lots of ASF people as well. that's probably a
good thing, though, right? (any gpg wizards listening?)
Please vote on this to replace rules/sa-update-pubkey.txt and
www.apache.org/dist/spamassassin/KEYS...
: 122...; gpg -v ~/DL/KEYS
gpg: armor header: Version: GnuPG v2.0.13 (FreeBSD)
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<re...@spamassassin.org>
sig 265FA05B 2003-08-21 [selfsig]
sig E580B363 2003-08-21 Theo Van Dinter <fe...@kluge.net>
sig ADD4C933 2004-05-09 [User ID not found]
sig 677BA1EC 2004-09-30 [User ID not found]
sig E213B692 2004-09-30 [User ID not found]
sig 5DC3F473 2004-09-30 [User ID not found]
sig 298BC7D0 2008-08-07 Justin Mason <jm...@jmason.org>
sig 8C80C35F 2003-06-09 Rod Begbie <ro...@null.net>
sig 1646A1CF 2004-09-23 [User ID not found]
sig 30B94B5C 2005-05-17 [User ID not found]
sig 7DF1F870 2008-07-27 [User ID not found]
gpg: NOTE: signature key E4B880E2 expired Wed Jul 22 15:58:04 2009 UTC
sig E4B880E2 2004-11-16 Michael Parker <pa...@pobox.com>
sig 66A9A510 2005-02-07 [User ID not found]
sig 48EA207B 2006-04-01 [User ID not found]
sig E580B363 2003-06-09 Theo Van Dinter <fe...@kluge.net>
sig 6E58EF0A 2003-08-21 [User ID not found]
sig EAE8EB6A 2004-12-05 Malte S. Stretz <ms...@msquadrat.de>
sig F6899BC0 2008-01-08 [User ID not found]
sig 265FA05B 2003-06-09 [selfsig]
uid SpamAssassin Signing Key
<sp...@lists.sourceforge.net>
rev 265FA05B 2004-08-16 [selfsig]
sig 265FA05B 2003-06-09 [selfsig]
sig E580B363 2003-06-09 Theo Van Dinter <fe...@kluge.net>
sig 8C80C35F 2003-06-09 Rod Begbie <ro...@null.net>
sig 6E58EF0A 2003-08-21 [User ID not found]
sub 1024D/FC51569B 2003-08-21
sig 265FA05B 2003-08-21 [keybind]
sig 8C80C35F 2003-06-09 Rod Begbie <ro...@null.net>
sig E580B363 2003-06-09 Theo Van Dinter <fe...@kluge.net>
sig 6E58EF0A 2003-08-21 [User ID not found]
sig 265FA05B 2003-06-09 [selfsig]
pub 1024D/E580B363 1997-11-09 Theo Van Dinter <fe...@kluge.net>
sig 27A914E6 2003-03-17 [User ID not found]
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
sig E580B363 1997-11-09 [selfsig]
sig 97161B93 2004-07-11 [User ID not found]
sig 314514EE 2003-11-01 [User ID not found]
sig 1A7ED56D 2003-11-01 [User ID not found]
sig 15A86059 2003-11-04 [User ID not found]
sig F2CF01A8 2003-12-17 [User ID not found]
sig 898AA63C 2004-04-23 [User ID not found]
sig E26A6F28 2004-07-03 [User ID not found]
sig 68FD549F 2004-07-06 [User ID not found]
sig 873CF1AD 2004-11-19 Cory Friend <co...@atmosenergy.com>
sig 152924AF 2004-12-03 Sander Temme <sa...@temme.net>
sig 8C80C35F 2005-02-16 Rod Begbie <ro...@null.net>
sig 61326D40 2005-02-16 [User ID not found]
sig B6CDEDD7 2005-12-09 [User ID not found]
sig AF226A4C 2005-12-09 [User ID not found]
sig B80E83A5 2005-12-09 [User ID not found]
sig E787A300 2005-12-10 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig B5CE5497 2005-12-16 [User ID not found]
sig A43C4492 2005-12-26 Carlos Sanchez <ca...@apache.org>
sig 6103BF59 2006-01-17 Davanum Srinivas (CODE SIGNING)
<di...@apache.org>
sig 28284F99 2006-01-17 Davanum Srinivas <di...@wso2.com>
sig 65B078B8 2006-12-06 [User ID not found]
sig 4705C9C7 2006-12-06 [User ID not found]
sig 13354673 2006-12-06 [User ID not found]
sig BB929E54 2008-03-04 J Robert Ray <jr...@gmail.com>
sig 45C024FD 2004-07-03 [User ID not found]
sig E4B880E2 2004-11-14 Michael Parker <pa...@pobox.com>
sig 9284C452 2004-11-23 Michael A. Dickerson <mi...@singingtree.com>
sig F5FC4B42 2004-11-24 Theodore W. Leung <tw...@sauria.com>
gpg: NOTE: signature key 11DF87E9 expired Sun Jan 1 19:41:31 2006 UTC
sig 11DF87E9 2004-12-04 Paul Weinstein (pdw@vortex4.net)
<pd...@vortex4.net>
sig E4136392 2004-12-11 Noel J. Bergman <no...@apache.org>
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 845DFEDD 2005-12-15 Gregory S. Sutter <gs...@zer0.org>
sig E91AB9B9 2003-05-29 [User ID not found]
sig 677BA1EC 2003-09-12 [User ID not found]
sig 24460EC7 2003-10-29 [User ID not found]
sig 8918AE29 2003-10-30 [User ID not found]
sig 21C3DB20 2003-11-13 [User ID not found]
sig E213B692 2004-01-13 [User ID not found]
sig 5DC3F473 2004-01-19 [User ID not found]
sig 6E58EF0A 2004-01-21 [User ID not found]
sig 49BB5886 2004-04-23 [User ID not found]
sig E2E88CEC 2004-04-23 [User ID not found]
sig B5F1EFB3 2004-04-23 [User ID not found]
sig 5DC682A4 2004-04-24 [User ID not found]
sig 3B2C212B 2004-04-24 [User ID not found]
sig FD3D2C2E 2004-07-01 [User ID not found]
sig D1CECB3D 2004-07-02 [User ID not found]
sig ABFEA412 2004-07-08 [User ID not found]
sig F894BE12 2004-11-16 [User ID not found]
sig 298BC7D0 2004-11-16 Justin Mason <jm...@jmason.org>
sig CC78C893 2004-11-17 Rich Bowen <rb...@rcbowen.com>
sig E04F9A89 2004-11-17 Roy T. Fielding <fi...@gbiv.com>
sig 328AF204 2004-11-18 Rich Feit <ri...@apache.org>
sig E0D4776D 2004-11-22 Ilkka Tammela (illord) <il...@iki.fi>
gpg: NOTE: signature key 12BFE79A expired Sun Oct 1 16:42:47 2006 UTC
sig 12BFE79A 2004-11-22 Kevin L. Collins (General Purpose Key)
<kc...@klcollins.org>
sig D1AA8962 2004-11-24 Brian Behlendorf <br...@collab.net>
sig 2D2DAA52 2004-11-25 Kevin Crowston <cr...@syr.edu>
sig 1C43D850 2004-11-29 Heather Stephens <he...@apache.org>
sig 16A8D3AB 2004-12-14 Julie MacNaught <jm...@apache.org>
sig 23CB7A2A 2004-12-26 David Crossley <cr...@apache.org>
sig 31B0974B 2005-02-16 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 21D0A71B 2005-12-13 Dirk-Willem van Gulik <di...@asemantics.com>
sig 35C100F0 2005-12-14 [User ID not found]
gpg: NOTE: signature key A879FCF5 expired Sun Nov 5 21:04:09 2006 UTC
sig A879FCF5 2005-12-16 Gregory Trubetskoy (Grisha) <gr...@ispol.com>
sig 75A67692 2006-02-23 Erik Abele <er...@codefaktor.de>
sig 69AC07B9 2006-12-06 [User ID not found]
sig 6AF52019 2006-12-06 [User ID not found]
sig 236D9400 2006-12-06 [User ID not found]
sig EE7DC74E 2006-12-06 [User ID not found]
sig 603D4F54 2006-12-06 [User ID not found]
sig CCE3BD36 2003-08-23 [User ID not found]
sig E5800910 2003-09-12 [User ID not found]
sig E580B363 2003-09-12 [selfsig]
sig E580B363 1997-11-09 [selfsig]
sig E5800910 2003-09-12 [User ID not found]
sig E580B363 2003-09-12 [selfsig]
sig E580B363 2003-09-12 [selfsig]
sig E580B363 2004-07-05 [selfsig]
sig E580B363 2002-10-09 [selfsig]
sig E580B363 2003-09-12 [selfsig]
sig E580B363 2009-08-12 [selfsig]
sig 65D0FD58 2007-01-29 [User ID not found]
sig 4A24D6F4 2005-02-16 [User ID not found]
sig F74F343D 2003-11-01 [User ID not found]
sig 8B05342D 2003-11-13 [User ID not found]
sig 4EE1756D 2003-11-06 [User ID not found]
sig EC140B81 2004-11-16 Dirk-Willem van Gulik
<di...@wirelessleiden.nl>
sig C52DCE75 2003-11-01 [User ID not found]
sig 7F75635F 2004-07-25 [User ID not found]
sig F95C2F6D 2005-12-16 [User ID not found]
sig 5290E477 2004-07-03 [User ID not found]
sig 66A14468 2004-10-27 [User ID not found]
sig 6C7C4F5D 2004-11-17 Robyn Wagner, Esq. <ro...@rwlaw.us>
sig A8E18D8C 2005-12-11 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Theo Van Dinter <tv...@bblisa.org>
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
sig F2CF01A8 2003-12-17 [User ID not found]
sig 314514EE 2003-11-01 [User ID not found]
sig 1A7ED56D 2003-11-01 [User ID not found]
sig 15A86059 2003-11-04 [User ID not found]
sig 898AA63C 2004-04-23 [User ID not found]
sig E26A6F28 2004-07-03 [User ID not found]
sig 68FD549F 2004-07-06 [User ID not found]
sig 152924AF 2004-12-03 Sander Temme <sa...@temme.net>
sig 8C80C35F 2005-02-16 Rod Begbie <ro...@null.net>
sig 61326D40 2005-02-16 [User ID not found]
sig B6CDEDD7 2005-12-09 [User ID not found]
sig AF226A4C 2005-12-09 [User ID not found]
sig B80E83A5 2005-12-09 [User ID not found]
sig E787A300 2005-12-10 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig B5CE5497 2005-12-16 [User ID not found]
sig A43C4492 2005-12-26 Carlos Sanchez <ca...@apache.org>
sig A43C4492 2005-12-26 Carlos Sanchez <ca...@apache.org>
sig 6103BF59 2006-01-17 Davanum Srinivas (CODE SIGNING)
<di...@apache.org>
sig 6103BF59 2006-01-17 Davanum Srinivas (CODE SIGNING)
<di...@apache.org>
sig 28284F99 2006-01-17 Davanum Srinivas <di...@wso2.com>
sig 28284F99 2006-01-17 Davanum Srinivas <di...@wso2.com>
sig 65B078B8 2006-12-06 [User ID not found]
sig 65B078B8 2006-12-06 [User ID not found]
sig 4705C9C7 2006-12-06 [User ID not found]
sig 13354673 2006-12-06 [User ID not found]
sig 13354673 2006-12-06 [User ID not found]
sig BB929E54 2008-03-04 J Robert Ray <jr...@gmail.com>
sig 45C024FD 2004-07-03 [User ID not found]
sig E4B880E2 2004-11-14 Michael Parker <pa...@pobox.com>
sig 9284C452 2004-11-23 Michael A. Dickerson <mi...@singingtree.com>
sig F5FC4B42 2004-11-24 Theodore W. Leung <tw...@sauria.com>
sig 11DF87E9 2004-12-04 Paul Weinstein (pdw@vortex4.net)
<pd...@vortex4.net>
sig E4136392 2004-12-11 Noel J. Bergman <no...@apache.org>
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 845DFEDD 2005-12-15 Gregory S. Sutter <gs...@zer0.org>
sig E91AB9B9 2003-05-29 [User ID not found]
sig 677BA1EC 2003-09-12 [User ID not found]
sig 24460EC7 2003-10-29 [User ID not found]
sig 8918AE29 2003-10-30 [User ID not found]
sig 21C3DB20 2003-11-13 [User ID not found]
sig E213B692 2004-01-13 [User ID not found]
sig 5DC3F473 2004-01-19 [User ID not found]
sig 6E58EF0A 2004-01-21 [User ID not found]
sig 49BB5886 2004-04-23 [User ID not found]
sig E2E88CEC 2004-04-23 [User ID not found]
sig 3B2C212B 2004-04-24 [User ID not found]
sig FD3D2C2E 2004-07-01 [User ID not found]
sig D1CECB3D 2004-07-02 [User ID not found]
sig ABFEA412 2004-07-08 [User ID not found]
sig 97161B93 2004-07-11 [User ID not found]
sig F894BE12 2004-11-16 [User ID not found]
sig 298BC7D0 2004-11-16 Justin Mason <jm...@jmason.org>
sig CC78C893 2004-11-17 Rich Bowen <rb...@rcbowen.com>
sig E04F9A89 2004-11-17 Roy T. Fielding <fi...@gbiv.com>
sig 328AF204 2004-11-18 Rich Feit <ri...@apache.org>
sig E0D4776D 2004-11-22 Ilkka Tammela (illord) <il...@iki.fi>
sig 12BFE79A 2004-11-22 Kevin L. Collins (General Purpose Key)
<kc...@klcollins.org>
sig D1AA8962 2004-11-24 Brian Behlendorf <br...@collab.net>
sig 2D2DAA52 2004-11-25 Kevin Crowston <cr...@syr.edu>
sig 1C43D850 2004-11-29 Heather Stephens <he...@apache.org>
sig 23CB7A2A 2004-12-26 David Crossley <cr...@apache.org>
sig 31B0974B 2005-02-16 [User ID not found]
sig 21D0A71B 2005-12-13 Dirk-Willem van Gulik <di...@asemantics.com>
sig 35C100F0 2005-12-14 [User ID not found]
sig A879FCF5 2005-12-16 Gregory Trubetskoy (Grisha) <gr...@ispol.com>
sig 75A67692 2006-02-23 Erik Abele <er...@codefaktor.de>
sig 69AC07B9 2006-12-06 [User ID not found]
sig 6AF52019 2006-12-06 [User ID not found]
sig 236D9400 2006-12-06 [User ID not found]
sig 236D9400 2006-12-06 [User ID not found]
sig EE7DC74E 2006-12-06 [User ID not found]
sig 603D4F54 2006-12-06 [User ID not found]
sig CCE3BD36 2003-08-23 [User ID not found]
sig E5800910 2002-10-09 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
sig E580B363 2009-08-12 [selfsig]
sig 65D0FD58 2007-01-29 [User ID not found]
sig 4A24D6F4 2005-02-16 [User ID not found]
sig F74F343D 2003-11-01 [User ID not found]
sig 8B05342D 2003-11-13 [User ID not found]
sig EC140B81 2004-11-16 Dirk-Willem van Gulik
<di...@wirelessleiden.nl>
sig C52DCE75 2003-11-01 [User ID not found]
sig 7F75635F 2004-07-25 [User ID not found]
sig F95C2F6D 2005-12-16 [User ID not found]
sig 5290E477 2004-07-03 [User ID not found]
sig 66A14468 2004-10-27 [User ID not found]
sig A8E18D8C 2005-12-11 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Theo Van Dinter <fe...@mkrdns.org>
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
sig 677BA1EC 2003-09-12 [User ID not found]
sig 314514EE 2003-11-01 [User ID not found]
sig 1A7ED56D 2003-11-01 [User ID not found]
sig 15A86059 2003-11-04 [User ID not found]
sig F2CF01A8 2003-12-17 [User ID not found]
sig 898AA63C 2004-04-23 [User ID not found]
sig E26A6F28 2004-07-03 [User ID not found]
sig 68FD549F 2004-07-06 [User ID not found]
sig 152924AF 2004-12-03 Sander Temme <sa...@temme.net>
sig 8C80C35F 2005-02-16 Rod Begbie <ro...@null.net>
sig 61326D40 2005-02-16 [User ID not found]
sig B6CDEDD7 2005-12-09 [User ID not found]
sig AF226A4C 2005-12-09 [User ID not found]
sig B80E83A5 2005-12-09 [User ID not found]
sig E787A300 2005-12-10 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig B5CE5497 2005-12-16 [User ID not found]
sig A43C4492 2005-12-26 Carlos Sanchez <ca...@apache.org>
sig 6103BF59 2006-01-17 Davanum Srinivas (CODE SIGNING)
<di...@apache.org>
sig 28284F99 2006-01-17 Davanum Srinivas <di...@wso2.com>
sig 65B078B8 2006-12-06 [User ID not found]
sig 4705C9C7 2006-12-06 [User ID not found]
sig 13354673 2006-12-06 [User ID not found]
sig BB929E54 2008-03-04 J Robert Ray <jr...@gmail.com>
sig 45C024FD 2004-07-03 [User ID not found]
sig E4B880E2 2004-11-14 Michael Parker <pa...@pobox.com>
sig 9284C452 2004-11-23 Michael A. Dickerson <mi...@singingtree.com>
sig 11DF87E9 2004-12-04 Paul Weinstein (pdw@vortex4.net)
<pd...@vortex4.net>
sig E4136392 2004-12-11 Noel J. Bergman <no...@apache.org>
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 845DFEDD 2005-12-15 Gregory S. Sutter <gs...@zer0.org>
sig E91AB9B9 2003-05-29 [User ID not found]
sig 24460EC7 2003-10-29 [User ID not found]
sig 8918AE29 2003-10-30 [User ID not found]
sig 21C3DB20 2003-11-13 [User ID not found]
sig E213B692 2004-01-13 [User ID not found]
sig 5DC3F473 2004-01-19 [User ID not found]
sig 6E58EF0A 2004-01-21 [User ID not found]
sig 49BB5886 2004-04-23 [User ID not found]
sig E2E88CEC 2004-04-23 [User ID not found]
sig 3B2C212B 2004-04-24 [User ID not found]
sig FD3D2C2E 2004-07-01 [User ID not found]
sig D1CECB3D 2004-07-02 [User ID not found]
sig ABFEA412 2004-07-08 [User ID not found]
sig 97161B93 2004-07-11 [User ID not found]
sig F894BE12 2004-11-16 [User ID not found]
sig 298BC7D0 2004-11-16 Justin Mason <jm...@jmason.org>
sig CC78C893 2004-11-17 Rich Bowen <rb...@rcbowen.com>
sig E04F9A89 2004-11-17 Roy T. Fielding <fi...@gbiv.com>
sig 328AF204 2004-11-18 Rich Feit <ri...@apache.org>
sig E0D4776D 2004-11-22 Ilkka Tammela (illord) <il...@iki.fi>
sig 12BFE79A 2004-11-22 Kevin L. Collins (General Purpose Key)
<kc...@klcollins.org>
sig D1AA8962 2004-11-24 Brian Behlendorf <br...@collab.net>
sig 2D2DAA52 2004-11-25 Kevin Crowston <cr...@syr.edu>
sig 1C43D850 2004-11-29 Heather Stephens <he...@apache.org>
sig 23CB7A2A 2004-12-26 David Crossley <cr...@apache.org>
sig 31B0974B 2005-02-16 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 21D0A71B 2005-12-13 Dirk-Willem van Gulik <di...@asemantics.com>
sig 35C100F0 2005-12-14 [User ID not found]
sig A879FCF5 2005-12-16 Gregory Trubetskoy (Grisha) <gr...@ispol.com>
sig 75A67692 2006-02-23 Erik Abele <er...@codefaktor.de>
sig 69AC07B9 2006-12-06 [User ID not found]
sig 6AF52019 2006-12-06 [User ID not found]
sig 236D9400 2006-12-06 [User ID not found]
sig EE7DC74E 2006-12-06 [User ID not found]
sig 603D4F54 2006-12-06 [User ID not found]
sig CCE3BD36 2003-08-23 [User ID not found]
sig E5800910 2002-10-09 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
sig E580B363 2009-08-12 [selfsig]
sig 65D0FD58 2007-01-29 [User ID not found]
sig 4A24D6F4 2005-02-16 [User ID not found]
sig F74F343D 2003-11-01 [User ID not found]
sig 8B05342D 2003-11-13 [User ID not found]
sig EC140B81 2004-11-16 Dirk-Willem van Gulik
<di...@wirelessleiden.nl>
sig C52DCE75 2003-11-01 [User ID not found]
sig 7F75635F 2004-07-25 [User ID not found]
sig F95C2F6D 2005-12-16 [User ID not found]
sig 5290E477 2004-07-03 [User ID not found]
sig 66A14468 2004-10-27 [User ID not found]
sig A8E18D8C 2005-12-11 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Theo Van Dinter <fe...@spamassassin.org>
sig E580B363 2003-06-17 [selfsig]
sig 898AA63C 2004-04-23 [User ID not found]
sig 6103BF59 2006-01-17 Davanum Srinivas (CODE SIGNING)
<di...@apache.org>
sig 314514EE 2003-11-01 [User ID not found]
sig 1A7ED56D 2003-11-01 [User ID not found]
sig F2CF01A8 2003-12-17 [User ID not found]
sig E26A6F28 2004-07-03 [User ID not found]
sig 68FD549F 2004-07-06 [User ID not found]
sig 152924AF 2004-12-03 Sander Temme <sa...@temme.net>
sig 8C80C35F 2005-02-16 Rod Begbie <ro...@null.net>
sig 61326D40 2005-02-16 [User ID not found]
sig B6CDEDD7 2005-12-09 [User ID not found]
sig AF226A4C 2005-12-09 [User ID not found]
sig B80E83A5 2005-12-09 [User ID not found]
sig E787A300 2005-12-10 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig B5CE5497 2005-12-16 [User ID not found]
sig A43C4492 2005-12-26 Carlos Sanchez <ca...@apache.org>
sig 28284F99 2006-01-17 Davanum Srinivas <di...@wso2.com>
sig 65B078B8 2006-12-06 [User ID not found]
sig 4705C9C7 2006-12-06 [User ID not found]
sig 13354673 2006-12-06 [User ID not found]
sig BB929E54 2008-03-04 J Robert Ray <jr...@gmail.com>
sig 45C024FD 2004-07-03 [User ID not found]
sig E4B880E2 2004-11-14 Michael Parker <pa...@pobox.com>
sig 9284C452 2004-11-23 Michael A. Dickerson <mi...@singingtree.com>
sig F5FC4B42 2004-11-24 Theodore W. Leung <tw...@sauria.com>
sig 11DF87E9 2004-12-04 Paul Weinstein (pdw@vortex4.net)
<pd...@vortex4.net>
sig E4136392 2004-12-11 Noel J. Bergman <no...@apache.org>
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 845DFEDD 2005-12-15 Gregory S. Sutter <gs...@zer0.org>
sig 677BA1EC 2003-09-12 [User ID not found]
sig 24460EC7 2003-10-29 [User ID not found]
sig 8918AE29 2003-10-30 [User ID not found]
sig 21C3DB20 2003-11-13 [User ID not found]
sig E213B692 2004-01-13 [User ID not found]
sig 5DC3F473 2004-01-19 [User ID not found]
sig 6E58EF0A 2004-01-21 [User ID not found]
sig 49BB5886 2004-04-23 [User ID not found]
sig E2E88CEC 2004-04-23 [User ID not found]
sig 3B2C212B 2004-04-24 [User ID not found]
sig FD3D2C2E 2004-07-01 [User ID not found]
sig D1CECB3D 2004-07-02 [User ID not found]
sig ABFEA412 2004-07-08 [User ID not found]
sig 97161B93 2004-07-11 [User ID not found]
sig F894BE12 2004-11-16 [User ID not found]
sig 298BC7D0 2004-11-16 Justin Mason <jm...@jmason.org>
sig CC78C893 2004-11-17 Rich Bowen <rb...@rcbowen.com>
sig E04F9A89 2004-11-17 Roy T. Fielding <fi...@gbiv.com>
sig 328AF204 2004-11-18 Rich Feit <ri...@apache.org>
sig E0D4776D 2004-11-22 Ilkka Tammela (illord) <il...@iki.fi>
sig 12BFE79A 2004-11-22 Kevin L. Collins (General Purpose Key)
<kc...@klcollins.org>
sig D1AA8962 2004-11-24 Brian Behlendorf <br...@collab.net>
sig 2D2DAA52 2004-11-25 Kevin Crowston <cr...@syr.edu>
sig 1C43D850 2004-11-29 Heather Stephens <he...@apache.org>
sig 23CB7A2A 2004-12-26 David Crossley <cr...@apache.org>
sig 31B0974B 2005-02-16 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 21D0A71B 2005-12-13 Dirk-Willem van Gulik <di...@asemantics.com>
sig 35C100F0 2005-12-14 [User ID not found]
sig A879FCF5 2005-12-16 Gregory Trubetskoy (Grisha) <gr...@ispol.com>
sig 75A67692 2006-02-23 Erik Abele <er...@codefaktor.de>
sig 69AC07B9 2006-12-06 [User ID not found]
sig 6AF52019 2006-12-06 [User ID not found]
sig EE7DC74E 2006-12-06 [User ID not found]
sig 603D4F54 2006-12-06 [User ID not found]
sig CCE3BD36 2003-08-23 [User ID not found]
rev E580B363 2009-07-29 [selfsig]
sig E580B363 2003-06-17 [selfsig]
sig 65D0FD58 2007-01-29 [User ID not found]
sig 4A24D6F4 2005-02-16 [User ID not found]
sig F74F343D 2003-11-01 [User ID not found]
sig 8B05342D 2003-11-13 [User ID not found]
sig EC140B81 2004-11-16 Dirk-Willem van Gulik
<di...@wirelessleiden.nl>
sig C52DCE75 2003-11-01 [User ID not found]
sig 7F75635F 2004-07-25 [User ID not found]
sig F95C2F6D 2005-12-16 [User ID not found]
sig 5290E477 2004-07-03 [User ID not found]
sig 66A14468 2004-10-27 [User ID not found]
sig A8E18D8C 2005-12-11 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Theo Van Dinter <tv...@mac.com>
sig 314514EE 2003-11-01 [User ID not found]
sig 1A7ED56D 2003-11-01 [User ID not found]
sig F2CF01A8 2003-12-17 [User ID not found]
sig 898AA63C 2004-04-23 [User ID not found]
sig E26A6F28 2004-07-03 [User ID not found]
sig 68FD549F 2004-07-06 [User ID not found]
sig 152924AF 2004-12-03 Sander Temme <sa...@temme.net>
sig 8C80C35F 2005-02-16 Rod Begbie <ro...@null.net>
sig 61326D40 2005-02-16 [User ID not found]
sig 45C024FD 2004-07-03 [User ID not found]
sig E4B880E2 2004-11-14 Michael Parker <pa...@pobox.com>
sig 9284C452 2004-11-23 Michael A. Dickerson <mi...@singingtree.com>
sig F5FC4B42 2004-11-24 Theodore W. Leung <tw...@sauria.com>
sig 11DF87E9 2004-12-04 Paul Weinstein (pdw@vortex4.net)
<pd...@vortex4.net>
sig E4136392 2004-12-11 Noel J. Bergman <no...@apache.org>
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 24460EC7 2003-10-29 [User ID not found]
sig 8918AE29 2003-10-30 [User ID not found]
sig 21C3DB20 2003-11-13 [User ID not found]
sig 6E58EF0A 2004-01-21 [User ID not found]
sig 49BB5886 2004-04-23 [User ID not found]
sig E2E88CEC 2004-04-23 [User ID not found]
sig 3B2C212B 2004-04-24 [User ID not found]
sig FD3D2C2E 2004-07-01 [User ID not found]
sig D1CECB3D 2004-07-02 [User ID not found]
sig ABFEA412 2004-07-08 [User ID not found]
sig 97161B93 2004-07-11 [User ID not found]
sig F894BE12 2004-11-16 [User ID not found]
sig 298BC7D0 2004-11-16 Justin Mason <jm...@jmason.org>
sig CC78C893 2004-11-17 Rich Bowen <rb...@rcbowen.com>
sig E04F9A89 2004-11-17 Roy T. Fielding <fi...@gbiv.com>
sig 328AF204 2004-11-18 Rich Feit <ri...@apache.org>
sig E0D4776D 2004-11-22 Ilkka Tammela (illord) <il...@iki.fi>
sig 12BFE79A 2004-11-22 Kevin L. Collins (General Purpose Key)
<kc...@klcollins.org>
sig D1AA8962 2004-11-24 Brian Behlendorf <br...@collab.net>
sig 2D2DAA52 2004-11-25 Kevin Crowston <cr...@syr.edu>
sig 1C43D850 2004-11-29 Heather Stephens <he...@apache.org>
sig 23CB7A2A 2004-12-26 David Crossley <cr...@apache.org>
sig 31B0974B 2005-02-16 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
rev E580B363 2005-10-07 [selfsig]
sig E580B363 2003-10-25 [selfsig]
sig E580B363 2003-10-25 [selfsig]
sig E580B363 2003-10-25 [selfsig]
sig E580B363 2003-10-25 [selfsig]
sig 4A24D6F4 2005-02-16 [User ID not found]
sig F74F343D 2003-11-01 [User ID not found]
sig 8B05342D 2003-11-13 [User ID not found]
sig EC140B81 2004-11-16 Dirk-Willem van Gulik
<di...@wirelessleiden.nl>
sig C52DCE75 2003-11-01 [User ID not found]
sig 7F75635F 2004-07-25 [User ID not found]
sig 5290E477 2004-07-03 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Theo Van Dinter <fe...@apache.org>
sig 152924AF 2004-12-03 Sander Temme <sa...@temme.net>
sig 8C80C35F 2005-02-16 Rod Begbie <ro...@null.net>
sig 61326D40 2005-02-16 [User ID not found]
sig B6CDEDD7 2005-12-09 [User ID not found]
sig AF226A4C 2005-12-09 [User ID not found]
sig B80E83A5 2005-12-09 [User ID not found]
sig E787A300 2005-12-10 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig B5CE5497 2005-12-16 [User ID not found]
sig A43C4492 2005-12-26 Carlos Sanchez <ca...@apache.org>
sig 6103BF59 2006-01-17 Davanum Srinivas (CODE SIGNING)
<di...@apache.org>
sig 28284F99 2006-01-17 Davanum Srinivas <di...@wso2.com>
sig F2CF01A8 2006-02-27 [User ID not found]
sig 65B078B8 2006-12-06 [User ID not found]
sig 4705C9C7 2006-12-06 [User ID not found]
sig 13354673 2006-12-06 [User ID not found]
sig BB929E54 2008-03-04 J Robert Ray <jr...@gmail.com>
sig E4B880E2 2004-11-14 Michael Parker <pa...@pobox.com>
sig 9284C452 2004-11-23 Michael A. Dickerson <mi...@singingtree.com>
sig F5FC4B42 2004-11-24 Theodore W. Leung <tw...@sauria.com>
sig 11DF87E9 2004-12-04 Paul Weinstein (pdw@vortex4.net)
<pd...@vortex4.net>
sig E4136392 2004-12-11 Noel J. Bergman <no...@apache.org>
sig 845DFEDD 2005-12-15 Gregory S. Sutter <gs...@zer0.org>
sig F894BE12 2004-11-16 [User ID not found]
sig 298BC7D0 2004-11-16 Justin Mason <jm...@jmason.org>
sig CC78C893 2004-11-17 Rich Bowen <rb...@rcbowen.com>
sig E04F9A89 2004-11-17 Roy T. Fielding <fi...@gbiv.com>
sig 328AF204 2004-11-18 Rich Feit <ri...@apache.org>
sig E0D4776D 2004-11-22 Ilkka Tammela (illord) <il...@iki.fi>
sig 12BFE79A 2004-11-22 Kevin L. Collins (General Purpose Key)
<kc...@klcollins.org>
sig D1AA8962 2004-11-24 Brian Behlendorf <br...@collab.net>
sig 2D2DAA52 2004-11-25 Kevin Crowston <cr...@syr.edu>
sig 1C43D850 2004-11-29 Heather Stephens <he...@apache.org>
sig 23CB7A2A 2004-12-26 David Crossley <cr...@apache.org>
sig 31B0974B 2005-02-16 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 21D0A71B 2005-12-13 Dirk-Willem van Gulik <di...@asemantics.com>
sig 35C100F0 2005-12-14 [User ID not found]
sig A879FCF5 2005-12-16 Gregory Trubetskoy (Grisha) <gr...@ispol.com>
sig 75A67692 2006-02-23 Erik Abele <er...@codefaktor.de>
sig 6AF52019 2006-12-06 [User ID not found]
sig 236D9400 2006-12-06 [User ID not found]
sig EE7DC74E 2006-12-06 [User ID not found]
sig 603D4F54 2006-12-06 [User ID not found]
sig E580B363 2004-07-27 [selfsig]
sig E580B363 2009-08-12 [selfsig]
sig E580B363 2004-07-27 [selfsig]
sig 65D0FD58 2007-01-29 [User ID not found]
sig 4A24D6F4 2005-02-16 [User ID not found]
sig EC140B81 2004-11-16 Dirk-Willem van Gulik
<di...@wirelessleiden.nl>
sig F95C2F6D 2005-12-16 [User ID not found]
sig 6C7C4F5D 2004-11-17 Robyn Wagner, Esq. <ro...@rwlaw.us>
sig A8E18D8C 2005-12-11 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Theo Van Dinter <tv...@techtarget.com>
sig 314514EE 2003-11-01 [User ID not found]
sig 1A7ED56D 2003-11-01 [User ID not found]
sig F2CF01A8 2003-12-17 [User ID not found]
sig 898AA63C 2004-04-23 [User ID not found]
sig E26A6F28 2004-07-03 [User ID not found]
sig 68FD549F 2004-07-06 [User ID not found]
sig 152924AF 2004-12-03 Sander Temme <sa...@temme.net>
sig 8C80C35F 2005-02-16 Rod Begbie <ro...@null.net>
sig 61326D40 2005-02-16 [User ID not found]
sig B6CDEDD7 2005-12-09 [User ID not found]
sig AF226A4C 2005-12-09 [User ID not found]
sig B80E83A5 2005-12-09 [User ID not found]
sig E787A300 2005-12-10 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig 85796A23 2005-12-13 [User ID not found]
sig B5CE5497 2005-12-16 [User ID not found]
sig 6103BF59 2006-01-17 Davanum Srinivas (CODE SIGNING)
<di...@apache.org>
sig 28284F99 2006-01-17 Davanum Srinivas <di...@wso2.com>
sig 45C024FD 2004-07-03 [User ID not found]
sig E4B880E2 2004-11-14 Michael Parker <pa...@pobox.com>
sig 9284C452 2004-11-23 Michael A. Dickerson <mi...@singingtree.com>
sig F5FC4B42 2004-11-24 Theodore W. Leung <tw...@sauria.com>
sig 11DF87E9 2004-12-04 Paul Weinstein (pdw@vortex4.net)
<pd...@vortex4.net>
sig E4136392 2004-12-11 Noel J. Bergman <no...@apache.org>
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 845DFEDD 2005-12-15 Gregory S. Sutter <gs...@zer0.org>
sig 24460EC7 2003-10-29 [User ID not found]
sig 8918AE29 2003-10-30 [User ID not found]
sig 21C3DB20 2003-11-13 [User ID not found]
sig 6E58EF0A 2004-01-21 [User ID not found]
sig 49BB5886 2004-04-23 [User ID not found]
sig E2E88CEC 2004-04-23 [User ID not found]
sig 3B2C212B 2004-04-24 [User ID not found]
sig FD3D2C2E 2004-07-01 [User ID not found]
sig D1CECB3D 2004-07-02 [User ID not found]
sig ABFEA412 2004-07-08 [User ID not found]
sig 97161B93 2004-07-11 [User ID not found]
sig F894BE12 2004-11-16 [User ID not found]
sig 298BC7D0 2004-11-16 Justin Mason <jm...@jmason.org>
sig CC78C893 2004-11-17 Rich Bowen <rb...@rcbowen.com>
sig E04F9A89 2004-11-17 Roy T. Fielding <fi...@gbiv.com>
sig 328AF204 2004-11-18 Rich Feit <ri...@apache.org>
sig E0D4776D 2004-11-22 Ilkka Tammela (illord) <il...@iki.fi>
sig 12BFE79A 2004-11-22 Kevin L. Collins (General Purpose Key)
<kc...@klcollins.org>
sig D1AA8962 2004-11-24 Brian Behlendorf <br...@collab.net>
sig 2D2DAA52 2004-11-25 Kevin Crowston <cr...@syr.edu>
sig 1C43D850 2004-11-29 Heather Stephens <he...@apache.org>
sig 23CB7A2A 2004-12-26 David Crossley <cr...@apache.org>
sig 31B0974B 2005-02-16 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 21D0A71B 2005-12-13 Dirk-Willem van Gulik <di...@asemantics.com>
sig 35C100F0 2005-12-14 [User ID not found]
sig A879FCF5 2005-12-16 Gregory Trubetskoy (Grisha) <gr...@ispol.com>
rev E580B363 2006-01-18 [selfsig]
sig E580B363 2003-09-12 [selfsig]
sig E580B363 2003-09-12 [selfsig]
sig E580B363 2003-09-12 [selfsig]
sig E580B363 2003-09-12 [selfsig]
sig 4A24D6F4 2005-02-16 [User ID not found]
sig F74F343D 2003-11-01 [User ID not found]
sig 8B05342D 2003-11-13 [User ID not found]
sig EC140B81 2004-11-16 Dirk-Willem van Gulik
<di...@wirelessleiden.nl>
sig C52DCE75 2003-11-01 [User ID not found]
sig 7F75635F 2004-07-25 [User ID not found]
sig F95C2F6D 2005-12-16 [User ID not found]
sig 5290E477 2004-07-03 [User ID not found]
sig A8E18D8C 2005-12-11 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid [jpeg image of size 12212]
sig E580B363 2009-08-12 [selfsig]
sub 3072g/B9B33054 1997-11-09
sig E580B363 1997-11-09 [keybind]
gpg: NOTE: signature key 6E58EF0A expired Sun Oct 10 13:08:04 2004 UTC
pub 1024D/6E58EF0A 1999-10-12 [revoked]
rev 6E58EF0A 2004-10-10 [selfsig]
uid Justin Mason <jm...@jmason.org>
sig 6E58EF0A 1999-10-12 [selfsig]
sig 38AA1D47 2004-05-09 Robert Menschel <RM...@bigfoot.com>
sig 95161991 2004-08-05 [User ID not found]
sig E580B363 2003-11-02 Theo Van Dinter <fe...@kluge.net>
sub 1024g/98472126 1999-10-12 [revoked: 2004-10-10]
sig 6E58EF0A 1999-10-12 [keybind]
gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC
gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC
gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC
gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC
gpg: NOTE: signature key 8C80C35F expired Fri Aug 7 01:03:27 2009 UTC
pub 1024D/8C80C35F 1997-08-15 rOD Begbie <rO...@begbie.com>
sig 4C96375D 2001-03-26 [User ID not found]
sig 6AA10B91 2001-03-26 [User ID not found]
sig 8C80C35F 2001-03-26 [selfsig]
sig 6614AC87 2003-06-03 [User ID not found]
sig 959600C3 2003-06-04 [User ID not found]
sig 4A24D6F4 2004-08-13 [User ID not found]
rev 8C80C35F 2004-08-14 [selfsig]
sig 31B0974B 2005-05-26 [User ID not found]
sig 8C80C35F 2005-04-22 [selfsig]
rev 8C80C35F 2005-07-25 [selfsig]
sig CA57AD7C 2005-04-22 [User ID not found]
sig CA57AD7C 2005-04-27 [User ID not found]
sig CA57AD7C 2005-05-13 [User ID not found]
sig CA57AD7C 2005-05-28 [User ID not found]
sig CA57AD7C 2005-06-13 [User ID not found]
sig CA57AD7C 2005-06-28 [User ID not found]
sig CA57AD7C 2005-07-16 [User ID not found]
sig CA57AD7C 2005-07-18 [User ID not found]
sig CA57AD7C 2005-08-04 [User ID not found]
sig CA57AD7C 2005-08-21 [User ID not found]
sig CA57AD7C 2005-09-04 [User ID not found]
uid Rod Begbie <ro...@null.net>
sig 4C96375D 1997-08-15 [User ID not found]
sig 8C80C35F 1997-08-15 [selfsig]
sig 6614AC87 2003-06-03 [User ID not found]
sig 959600C3 2003-06-04 [User ID not found]
rev 8C80C35F 2003-08-24 [selfsig]
rev 8C80C35F 2003-09-08 [selfsig]
uid Rod Begbie <rb...@sapient.com>
sig 8C80C35F 1999-04-26 [selfsig]
sig 6614AC87 2003-06-03 [User ID not found]
sig 959600C3 2003-06-04 [User ID not found]
rev 8C80C35F 2003-08-24 [selfsig]
rev 8C80C35F 2003-09-08 [selfsig]
uid rOD Begbie <rO...@arsecandle.org>
sig 8C80C35F 2001-05-16 [selfsig]
sig 6614AC87 2003-06-03 [User ID not found]
sig 959600C3 2003-06-04 [User ID not found]
sig 4A24D6F4 2004-08-13 [User ID not found]
rev 8C80C35F 2004-08-14 [selfsig]
sig 31B0974B 2005-05-26 [User ID not found]
sig 8C80C35F 2005-04-22 [selfsig]
rev 8C80C35F 2005-07-25 [selfsig]
sig CA57AD7C 2005-04-22 [User ID not found]
sig CA57AD7C 2005-04-27 [User ID not found]
sig CA57AD7C 2005-05-13 [User ID not found]
sig CA57AD7C 2005-05-28 [User ID not found]
sig CA57AD7C 2005-06-13 [User ID not found]
sig CA57AD7C 2005-06-28 [User ID not found]
sig CA57AD7C 2005-07-16 [User ID not found]
sig CA57AD7C 2005-07-18 [User ID not found]
sig CA57AD7C 2005-08-04 [User ID not found]
sig CA57AD7C 2005-08-21 [User ID not found]
sig CA57AD7C 2005-09-04 [User ID not found]
uid rOD Begbie <rb...@skginc.net>
sig 4C96375D 2001-03-26 [User ID not found]
sig 8C80C35F 2001-03-26 [selfsig]
sig 6AA10B91 2001-03-26 [User ID not found]
sig 6614AC87 2003-06-03 [User ID not found]
sig 959600C3 2003-06-04 [User ID not found]
rev 8C80C35F 2004-02-05 [selfsig]
uid rOD Begbie <rO...@groovymother.com>
sig 8C80C35F 2003-08-05 [selfsig]
sig 4A24D6F4 2004-08-13 [User ID not found]
rev 8C80C35F 2004-08-14 [selfsig]
sig 31B0974B 2005-05-26 [User ID not found]
sig 8C80C35F 2005-04-22 [selfsig]
rev 8C80C35F 2005-07-25 [selfsig]
sig CA57AD7C 2005-04-22 [User ID not found]
sig CA57AD7C 2005-04-27 [User ID not found]
sig CA57AD7C 2005-05-13 [User ID not found]
sig CA57AD7C 2005-05-28 [User ID not found]
sig CA57AD7C 2005-06-13 [User ID not found]
sig CA57AD7C 2005-06-28 [User ID not found]
sig CA57AD7C 2005-07-16 [User ID not found]
sig CA57AD7C 2005-07-18 [User ID not found]
sig CA57AD7C 2005-08-04 [User ID not found]
sig CA57AD7C 2005-08-21 [User ID not found]
sig CA57AD7C 2005-09-04 [User ID not found]
uid Rod Begbie <ro...@begbie.com>
sig 8155E4F3 2005-05-26 [User ID not found]
sig 302A3876 2006-03-21 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 8C80C35F 1998-02-11 [selfsig]
sig 8C80C35F 1999-04-26 [selfsig]
sig 61326D40 2005-02-16 [User ID not found]
sig A699B797 2005-03-01 [User ID not found]
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 31B0974B 2005-05-26 [User ID not found]
sig E580B363 2005-02-18 Theo Van Dinter <fe...@kluge.net>
sig 60C383BC 2005-07-27 [User ID not found]
sig 8C80C35F 2004-08-08 [selfsig]
sig 65D0FD58 2007-05-03 [User ID not found]
sig 9E2BD1F2 2004-08-08 [User ID not found]
sig 65D0FD58 2004-08-14 [User ID not found]
sig 65D0FD58 2006-03-21 [User ID not found]
sig 8C80C35F 2005-07-13 [selfsig]
sig 4C96375D 1999-04-26 [User ID not found]
sig CA57AD7C 2004-12-23 [User ID not found]
sig CA57AD7C 2005-01-18 [User ID not found]
sig CA57AD7C 2005-02-01 [User ID not found]
sig CA57AD7C 2005-02-14 [User ID not found]
sig CA57AD7C 2005-02-16 [User ID not found]
sig CA57AD7C 2005-02-19 [User ID not found]
sig CA57AD7C 2005-05-13 [User ID not found]
sig CA57AD7C 2005-05-28 [User ID not found]
sig CA57AD7C 2005-06-13 [User ID not found]
sig CA57AD7C 2005-08-21 [User ID not found]
sig CA57AD7C 2006-06-01 [User ID not found]
sig CA57AD7C 2006-06-01 [User ID not found]
sig CA57AD7C 2006-06-14 [User ID not found]
sig CA57AD7C 2006-06-27 [User ID not found]
sig CA57AD7C 2006-06-27 [User ID not found]
sig CA57AD7C 2006-07-10 [User ID not found]
sig CA57AD7C 2006-07-24 [User ID not found]
sig CA57AD7C 2006-07-24 [User ID not found]
sig CA57AD7C 2006-08-06 [User ID not found]
sig CA57AD7C 2006-09-13 [User ID not found]
sig CA57AD7C 2006-09-13 [User ID not found]
sig CA57AD7C 2006-10-17 [User ID not found]
sig CA57AD7C 2006-11-26 [User ID not found]
sig CA57AD7C 2006-11-26 [User ID not found]
sig CA57AD7C 2006-12-09 [User ID not found]
sig CA57AD7C 2006-12-09 [User ID not found]
sig CA57AD7C 2006-12-23 [User ID not found]
sig CA57AD7C 2006-12-25 [User ID not found]
sig CA57AD7C 2007-01-05 [User ID not found]
sig CA57AD7C 2007-01-05 [User ID not found]
sig CA57AD7C 2007-01-19 [User ID not found]
sig CA57AD7C 2007-01-19 [User ID not found]
sig CA57AD7C 2007-04-28 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Rod Begbie <ro...@arsecandle.org>
sig 302A3876 2006-03-21 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 61326D40 2005-02-16 [User ID not found]
sig A699B797 2005-03-01 [User ID not found]
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 31B0974B 2005-05-26 [User ID not found]
sig E580B363 2005-02-18 Theo Van Dinter <fe...@kluge.net>
sig 60C383BC 2005-07-27 [User ID not found]
sig 8C80C35F 2004-08-08 [selfsig]
sig 65D0FD58 2007-05-03 [User ID not found]
sig 9E2BD1F2 2004-08-08 [User ID not found]
sig 65D0FD58 2004-08-14 [User ID not found]
sig 65D0FD58 2006-03-21 [User ID not found]
sig 8C80C35F 2005-07-13 [selfsig]
sig CA57AD7C 2004-12-23 [User ID not found]
sig CA57AD7C 2005-01-18 [User ID not found]
sig CA57AD7C 2005-02-01 [User ID not found]
sig CA57AD7C 2005-02-14 [User ID not found]
sig CA57AD7C 2005-02-16 [User ID not found]
sig CA57AD7C 2005-02-19 [User ID not found]
sig CA57AD7C 2006-06-01 [User ID not found]
sig CA57AD7C 2006-06-01 [User ID not found]
sig CA57AD7C 2006-06-14 [User ID not found]
sig CA57AD7C 2006-06-27 [User ID not found]
sig CA57AD7C 2006-06-27 [User ID not found]
sig CA57AD7C 2006-07-10 [User ID not found]
sig CA57AD7C 2006-07-24 [User ID not found]
sig CA57AD7C 2006-07-24 [User ID not found]
sig CA57AD7C 2006-08-06 [User ID not found]
sig CA57AD7C 2006-09-13 [User ID not found]
sig CA57AD7C 2006-09-13 [User ID not found]
sig CA57AD7C 2006-10-17 [User ID not found]
sig CA57AD7C 2006-11-26 [User ID not found]
sig CA57AD7C 2006-11-26 [User ID not found]
sig CA57AD7C 2006-12-09 [User ID not found]
sig CA57AD7C 2006-12-09 [User ID not found]
sig CA57AD7C 2006-12-23 [User ID not found]
sig CA57AD7C 2006-12-25 [User ID not found]
sig CA57AD7C 2007-01-05 [User ID not found]
sig CA57AD7C 2007-01-05 [User ID not found]
sig CA57AD7C 2007-01-19 [User ID not found]
sig CA57AD7C 2007-01-19 [User ID not found]
sig CA57AD7C 2007-04-28 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Rod Begbie <ro...@gmail.com>
sig 302A3876 2006-03-21 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 61326D40 2005-02-16 [User ID not found]
sig A699B797 2005-03-01 [User ID not found]
sig 31B0974B 2005-05-26 [User ID not found]
sig E580B363 2005-02-18 Theo Van Dinter <fe...@kluge.net>
sig 60C383BC 2005-07-27 [User ID not found]
sig 8C80C35F 2005-02-12 [selfsig]
sig 65D0FD58 2007-05-03 [User ID not found]
sig 65D0FD58 2005-03-10 [User ID not found]
sig 65D0FD58 2006-03-21 [User ID not found]
sig 8C80C35F 2005-04-22 [selfsig]
sig 8C80C35F 2005-07-13 [selfsig]
sig CA57AD7C 2005-02-19 [User ID not found]
sig CA57AD7C 2005-04-22 [User ID not found]
sig CA57AD7C 2005-04-27 [User ID not found]
sig CA57AD7C 2005-05-13 [User ID not found]
sig CA57AD7C 2005-05-13 [User ID not found]
sig CA57AD7C 2005-05-28 [User ID not found]
sig CA57AD7C 2005-05-28 [User ID not found]
sig CA57AD7C 2005-06-13 [User ID not found]
sig CA57AD7C 2005-06-13 [User ID not found]
sig CA57AD7C 2005-06-28 [User ID not found]
sig CA57AD7C 2005-07-16 [User ID not found]
sig CA57AD7C 2005-07-18 [User ID not found]
sig CA57AD7C 2005-08-04 [User ID not found]
sig CA57AD7C 2005-08-21 [User ID not found]
sig CA57AD7C 2005-08-21 [User ID not found]
sig CA57AD7C 2005-09-04 [User ID not found]
sig CA57AD7C 2006-06-01 [User ID not found]
sig CA57AD7C 2006-06-01 [User ID not found]
sig CA57AD7C 2006-06-14 [User ID not found]
sig CA57AD7C 2006-06-27 [User ID not found]
sig CA57AD7C 2006-06-27 [User ID not found]
sig CA57AD7C 2006-07-10 [User ID not found]
sig CA57AD7C 2006-07-24 [User ID not found]
sig CA57AD7C 2006-07-24 [User ID not found]
sig CA57AD7C 2006-08-06 [User ID not found]
sig CA57AD7C 2006-09-13 [User ID not found]
sig CA57AD7C 2006-09-13 [User ID not found]
sig CA57AD7C 2006-10-17 [User ID not found]
sig CA57AD7C 2006-11-26 [User ID not found]
sig CA57AD7C 2006-11-26 [User ID not found]
sig CA57AD7C 2006-12-09 [User ID not found]
sig CA57AD7C 2006-12-09 [User ID not found]
sig CA57AD7C 2006-12-23 [User ID not found]
sig CA57AD7C 2006-12-25 [User ID not found]
sig CA57AD7C 2007-01-05 [User ID not found]
sig CA57AD7C 2007-01-05 [User ID not found]
sig CA57AD7C 2007-01-19 [User ID not found]
sig CA57AD7C 2007-01-19 [User ID not found]
sig CA57AD7C 2007-04-28 [User ID not found]
sig CA57AD7C 2007-08-04 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Rod Begbie <ro...@groovymother.com>
sig 302A3876 2006-03-21 [User ID not found]
sig 4676F327 2005-02-28 [User ID not found]
sig 61326D40 2005-02-16 [User ID not found]
sig A699B797 2005-03-01 [User ID not found]
sig F7E3C3B4 2005-02-16 [User ID not found]
sig 31B0974B 2005-05-26 [User ID not found]
sig E580B363 2005-02-18 Theo Van Dinter <fe...@kluge.net>
sig 60C383BC 2005-07-27 [User ID not found]
sig 8C80C35F 2004-08-08 [selfsig]
sig 65D0FD58 2007-05-03 [User ID not found]
sig 9E2BD1F2 2004-08-08 [User ID not found]
sig 65D0FD58 2004-08-14 [User ID not found]
sig 65D0FD58 2006-03-21 [User ID not found]
sig 8C80C35F 2005-07-13 [selfsig]
sig CA57AD7C 2006-12-09 [User ID not found]
sig CA57AD7C 2004-12-23 [User ID not found]
sig CA57AD7C 2005-01-18 [User ID not found]
sig CA57AD7C 2005-02-01 [User ID not found]
sig CA57AD7C 2005-02-14 [User ID not found]
sig CA57AD7C 2005-02-16 [User ID not found]
sig CA57AD7C 2005-02-19 [User ID not found]
sig CA57AD7C 2006-06-01 [User ID not found]
sig CA57AD7C 2006-06-01 [User ID not found]
sig CA57AD7C 2006-06-14 [User ID not found]
sig CA57AD7C 2006-06-27 [User ID not found]
sig CA57AD7C 2006-06-27 [User ID not found]
sig CA57AD7C 2006-07-10 [User ID not found]
sig CA57AD7C 2006-07-24 [User ID not found]
sig CA57AD7C 2006-07-24 [User ID not found]
sig CA57AD7C 2006-08-06 [User ID not found]
sig CA57AD7C 2006-09-13 [User ID not found]
sig CA57AD7C 2006-09-13 [User ID not found]
sig CA57AD7C 2006-10-17 [User ID not found]
sig CA57AD7C 2006-11-26 [User ID not found]
sig CA57AD7C 2006-11-26 [User ID not found]
sig CA57AD7C 2006-12-09 [User ID not found]
sig CA57AD7C 2006-12-23 [User ID not found]
sig CA57AD7C 2006-12-25 [User ID not found]
sig CA57AD7C 2007-01-05 [User ID not found]
sig CA57AD7C 2007-01-05 [User ID not found]
sig CA57AD7C 2007-01-19 [User ID not found]
sig CA57AD7C 2007-01-19 [User ID not found]
sig CA57AD7C 2007-04-28 [User ID not found]
sig 99242560 2005-02-21 [User ID not found]
uid Rod Begbie <rb...@bus-innovation.com>
sig 4A24D6F4 2004-08-13 [User ID not found]
sig 8C80C35F 2004-04-02 [selfsig]
rev 8C80C35F 2005-01-07 [selfsig]
sig 8C80C35F 2004-08-08 [selfsig]
sig 9E2BD1F2 2004-08-08 [User ID not found]
sig 65D0FD58 2004-08-14 [User ID not found]
uid [jpeg image of size 7583]
sig 8155E4F3 2005-05-26 [User ID not found]
sig 302A3876 2006-03-21 [User ID not found]
sig A699B797 2005-03-01 [User ID not found]
sig 31B0974B 2005-05-26 [User ID not found]
sig 8C80C35F 2004-08-08 [selfsig]
sig 8C80C35F 2004-08-08 [selfsig]
sig 65D0FD58 2007-05-03 [User ID not found]
sig 65D0FD58 2005-03-10 [User ID not found]
sig 65D0FD58 2006-03-21 [User ID not found]
sig 8C80C35F 2005-04-22 [selfsig]
sig 8C80C35F 2005-07-13 [selfsig]
sub 2048g/57E8C6A1 1997-08-15
sig 8C80C35F 1997-08-15 [keybind]
sub 1024R/85A7466D 2006-01-31
sig 8C80C35F 2006-01-31 [keybind]
sub 1024R/C84C962B 2006-01-31 [revoked: 2006-08-02]
sig 8C80C35F 2006-01-31 [keybind]
sig 8C80C35F 2006-08-02 [selfsig]
sub 2048R/BC42C93D 2005-02-21
sig 8C80C35F 2005-02-21 [keybind]
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason <jm...@jmason.org>
sig 265FA05B 2008-08-07 SpamAssassin Signing Key
<re...@spamassassin.org>
sig 6CB1BC68 2008-05-12 [User ID not found]
sig 7DF1F870 2008-07-27 [User ID not found]
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2008-01-10 [keybind]
pub 4096R/F7D39814 2009-12-02 SpamAssassin Signing Key (Code Signing Key,
replacement for 1024D/265FA05B) <de...@spamassassin.apache.org>
sig F7D39814 2009-12-02 [selfsig]
sig 265FA05B 2009-12-02 SpamAssassin Signing Key
<re...@spamassassin.org>
sig 54A2ACF1 2009-12-27 [User ID not found]
uid SpamAssassin Project Management Committee
<pr...@spamassassin.apache.org>
sig F7D39814 2009-12-02 [selfsig]
sig 54A2ACF1 2009-12-27 [User ID not found]
sub 4096R/7B3265A5 2009-12-02
sig F7D39814 2009-12-02 [keybind]
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #24 from Sidney Markowitz <si...@sidney.com> 2010-01-19 10:34:43 UTC ---
A slight correction to my previous comment. Right now
http://spamassassin.apache.org/updates/GPG.KEY is the same file as
rules/sa-update-pubkey.txt so that is the reason that it should be updated with
this proposed new file at the same time that it is committed to
rules/sa-update-pubkey.txt. I will not propose restarting the voting by adding
that URL to the text too :)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Darxus <Da...@ChaosReigns.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Darxus@ChaosReigns.com
--- Comment #39 from Darxus <Da...@ChaosReigns.com> 2011-05-11 03:40:13 UTC ---
Whiteboard should be changed to "ready to commit for 3.3.2".
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #20 from Justin Mason <jm...@jmason.org> 2010-01-19 04:29:25 UTC ---
also (sorry for the storm of mails ;) --
(In reply to comment #17)
> I just noticed that the new key also needs to be uploaded to
> http://spamassassin.apache.org/updates/GPG.KEY as well as to
> http://www.apache.org/dist/spamassassin/KEYS
>
> And both have to be in place before the release announcement.
http://www.apache.org/dist/spamassassin/KEYS *already* contains both the new
release signing key and the updates signing key.
http://spamassassin.apache.org/updates/GPG.KEY contains only the updates
signing key, which is ok, because that location is specifically for the updates
signing key info only anyway.
Neither need to be updated before release.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #23 from Sidney Markowitz <si...@sidney.com> 2010-01-19 10:13:14 UTC ---
+1
Ok, I think I understand it now - This file contains both the release signing
key and the sa-update signing key. The former is new because we can no longer
use the old one. The latter is unchanged but has been cross-signed so that
going forward it will be compatible with newer versions of gpg, however the
older copy of the key is still usable. sa-update is packaged with this
sa-update key independent of this proposed change to this file so someone
installing 3.3.0 does not have to download this file after we commit this
change even if they run a current version of GPG. This proposed file will serve
the purposes of both the KEYS file and the sa-update-pubkey.txt file, but is
not the same as the http://spamassassin.apache.org/updates/GPG.KEY although it
would not hurt to use this file for that one, as that one only needs to have
the sa-update signing key in it. And finally, I think we do need to update
http://spamassassin.apache.org/updates/GPG.KEY with the cross-signed version of
the sa-update key, which cam be done by using this file for that too, or by
exporting just the sa-update key and uploading that, is that correct?
$ gpg -v GPG.KEY
gpg: armor header: Version: GnuPG v1.4.2 (SunOS)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]
As compared to the portion of gpg -v output from this file:
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason <jm...@jmason.org>
sig 265FA05B 2008-08-07 SpamAssassin Signing Key
<re...@spamassassin.org>
sig 6CB1BC68 2008-05-12 Alain Wolf <wo...@restkultur.ch>
sig 7DF1F870 2008-07-27 Frank C. Langbein <fr...@langbein.org>
sig F7D39814 2010-01-16 SpamAssassin Project Management Committee
<pr...@spamassassin.apache.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Adam Katz <an...@khopis.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |antispam@khopis.com
--- Comment #37 from Adam Katz <an...@khopis.com> 2011-05-09 19:30:38 UTC ---
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I signed F7D39814 5244EC45 265FA05B and resubmitted them to
they key servers earlier today. This signed comment can be
used as proof (w.r.t. my bugzilla account) of my owning key
F4AD9292.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3IP+oACgkQjroVuvStkpInMQCgo9GOoa5eHqZKEi7/8Uuoyeup
2EYAn3UMyXWR5Qb26SZ3j1h4UBavlLHi
=O/iR
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The same goes for my channel-signing key, E8B493D6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEARECAAYFAk3IQNUACgkQnCRV0Oi0k9Yw4wCgrpEpqiv8a/6eCFjbr3a9SXkH
k3YAnRiOJ8exUtQonnbtbzBK1cAVtgTj
=Dv1T
-----END PGP SIGNATURE-----
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jm@jmason.org
Target Milestone|3.2.6 |3.3.0
--- Comment #5 from Justin Mason <jm...@jmason.org> 2009-12-17 13:36:44 UTC ---
I'm not sure I fixed this. let's complete it for 3.3.0
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #11 from Justin Mason <jm...@jmason.org> 2010-01-15 04:54:34 UTC ---
(In reply to comment #10)
> (in reply to comment #9)
>
> Shouldn't the file contain the text that is now in
> http://www.apache.org/dist/spamassassin/KEYS file? Although I would add to that
> both the URL http://www.apache.org/dist/spamassassin/KEYS and that a copy can
> be found in rules/sa-update-pubkey.txt in the source distribution.
Oops. Will fix this.
> I don't see any reason to include all the second level signatures. It usually
> won't be enough to validate the key anyway without going on line, and anyone
> who is installing SpamAssassin has the ability to go online at some point.
Ok. I'll try to trim it down.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #4662|0 |1
is obsolete| |
--- Comment #31 from Justin Mason <jm...@jmason.org> 2010-01-29 08:54:52 UTC ---
Created an attachment (id=4663)
--> (https://issues.apache.org/SpamAssassin/attachment.cgi?id=4663)
another recut, with Warren and my pubkeys
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Sidney Markowitz <si...@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |sidney@sidney.com
--- Comment #10 from Sidney Markowitz <si...@sidney.com> 2010-01-14 18:46:06 UTC ---
(in reply to comment #9)
Shouldn't the file contain the text that is now in
http://www.apache.org/dist/spamassassin/KEYS file? Although I would add to that
both the URL http://www.apache.org/dist/spamassassin/KEYS and that a copy can
be found in rules/sa-update-pubkey.txt in the source distribution.
I don't see any reason to include all the second level signatures. It usually
won't be enough to validate the key anyway without going on line, and anyone
who is installing SpamAssassin has the ability to go online at some point.
By the way, this looks like it might be relevant:
http://people.apache.org/~henkp/trust/
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #25 from Justin Mason <jm...@jmason.org> 2010-01-20 04:25:06 UTC ---
(In reply to comment #23)
> +1
>
> Ok, I think I understand it now - This file contains both the release signing
> key and the sa-update signing key. The former is new because we can no longer
> use the old one. The latter is unchanged but has been cross-signed so that
> going forward it will be compatible with newer versions of gpg, however the
> older copy of the key is still usable. sa-update is packaged with this
> sa-update key independent of this proposed change to this file so someone
> installing 3.3.0 does not have to download this file after we commit this
> change even if they run a current version of GPG. This proposed file will serve
> the purposes of both the KEYS file and the sa-update-pubkey.txt file, but is
> not the same as the http://spamassassin.apache.org/updates/GPG.KEY although it
> would not hurt to use this file for that one, as that one only needs to have
> the sa-update signing key in it. And finally, I think we do need to update
> http://spamassassin.apache.org/updates/GPG.KEY with the cross-signed version of
> the sa-update key, which cam be done by using this file for that too, or by
> exporting just the sa-update key and uploading that, is that correct?
all correct ;) I suggest we use this entire file for /updates/GPG.KEY -- try
to keep it simple(ish).
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #33 from Justin Mason <jm...@jmason.org> 2010-03-12 14:36:22 UTC ---
(In reply to comment #32)
> +1 looks fine here.
>
> Although why my key specifically? Did the other core devs not directly sign
> it? I'm not a core dev.
you're a committer, so more or less the same thing! nope, other devs have not
signed it (yet).
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@issues.apache.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #36 from Sidney Markowitz <si...@sidney.com> 2010-04-17 17:58:23 EDT ---
After all this time of being confused by the comments in this bug I finally
looked up what cross-signing GPG keys is all about and how to do it. For anyone
who is as confused and ill-informed as I, here is a link explaining what it is
and how to do it
http://www.gnupg.org/faq/subkey-cross-certify.en.html
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #22 from Justin Mason <jm...@jmason.org> 2010-01-19 04:41:05 UTC ---
just to be clear: please re-vote on the new file. since this change doesn't
need to impede release, there's no urgency. ;)
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #9 from Justin Mason <jm...@jmason.org> 2010-01-12 14:00:40 UTC ---
(In reply to comment #8)
> Over 500 people signed the new signing key?
>
> Without checking its photo id? =)
>
> I suppose this is OK, but is including all 200KB really necessary?
>
> +1
over 500 people signed keys that signed the key. (probably most are from
keysigning parties that myself or Theo attended, I suspect)
If it's safe, I'd like to trim down the 200KB to something smaller; can any GPG
wizards indicate that it's ok to do so? my naive assumption is that if I was
to do so, it would lessen people's ability to verify a web-of-trust between
their own trusted keys, and our keys, assuming they were attempting to do so
without a working connection to a keyserver (e.g. offline).
Maybe the web-of-trust is moot in our use-cases, but I think it's a nice side
benefit of using gpg.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Warren Togami <wa...@togami.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|3.2.4 |3.3.0
Status Whiteboard|needs 2 votes |needs 1 votes
--- Comment #32 from Warren Togami <wa...@togami.com> 2010-03-11 03:37:36 UTC ---
+1 looks fine here.
Although why my key specifically? Did the other core devs not directly sign
it? I'm not a core dev.
[test@newcaprica ~]$ gpg --import /tmp/attachment.cgi\?id\=4663
gpg: /home/test/.gnupg/trustdb.gpg: trustdb created
gpg: key 265FA05B: public key "SpamAssassin Signing Key
<re...@spamassassin.org>" imported
gpg: key 298BC7D0: public key "Justin Mason <jm...@jmason.org>" imported
gpg: key 5244EC45: public key "updates.spamassassin.org Signing Key
<re...@spamassassin.org>" imported
gpg: key F7D39814: public key "SpamAssassin Project Management Committee
<pr...@spamassassin.apache.org>" imported
gpg: key 54A2ACF1: public key "Warren Togami (Work) <wt...@redhat.com>"
imported
gpg: Total number processed: 5
gpg: imported: 5 (RSA: 2)
gpg: no ultimately trusted keys found
[test@newcaprica ~]$ gpg --fingerprint
/home/test/.gnupg/pubring.gpg
-----------------------------
pub 1024D/265FA05B 2003-06-09
Key fingerprint = 26C9 00A4 6DD4 0CD5 AD24 F6D7 DEE0 1987 265F A05B
uid SpamAssassin Signing Key <re...@spamassassin.org>
sub 1024D/FC51569B 2003-08-21
pub 1024D/298BC7D0 2004-10-10 [expires: 2024-10-05]
Key fingerprint = 1368 71CE 3627 9CD3 FA1B 0B63 3091 7972 298B C7D0
uid Justin Mason <jm...@jmason.org>
sub 2048g/FDFC3EDC 2004-10-10 [expires: 2024-10-05]
pub 4096R/5244EC45 2005-12-20
Key fingerprint = 5E54 1DC9 59CB 8BAC 7C78 DFDC 4056 A61A 5244 EC45
uid updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sub 4096R/24F434CE 2005-12-20
pub 4096R/F7D39814 2009-12-02
Key fingerprint = D809 9BC7 9E17 D7E4 9BC2 1E31 FDE5 2F40 F7D3 9814
uid SpamAssassin Project Management Committee
<pr...@spamassassin.apache.org>
uid SpamAssassin Signing Key (Code Signing Key, replacement
for 1024D/265FA05B) <de...@spamassassin.apache.org>
sub 4096R/7B3265A5 2009-12-02
pub 1024D/54A2ACF1 2002-11-25
Key fingerprint = 785A 304B 08C1 F291 F54F 9A68 6BDD FE8E 54A2 ACF1
uid Warren Togami (Work) <wt...@redhat.com>
uid Warren Togami (Linux) <wa...@togami.com>
sub 2048g/4AD75982 2002-11-25
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #19 from Justin Mason <jm...@jmason.org> 2010-01-19 04:26:41 UTC ---
(In reply to comment #18)
> > Perhaps the release announcement ahould be amended to tell people to get the
> > new release key from http://www.apache.org/dist/spamassassin/KEYS ? That way
> > anyone who is careful about checking will be up to date before they get as far
> > as looking at rules/sa-update.txt.
>
> I'll change the release announcement as you suggested on the dev list.
actually, that probably is unnecessary. see bug 6292.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P1 |P2
--- Comment #6 from Justin Mason <jm...@jmason.org> 2009-12-22 04:03:19 UTC ---
this doesn't need to block any RCs
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard| |needs 2 votes
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Priority|P5 |P1
--- Comment #4 from Justin Mason <jm...@jmason.org> 2009-03-29 13:26:04 PST ---
this has been open for ages, but it'd be very good to fix (and isn't a code
change). Accordingly I'm going to take the lack of negative votes as approval
and act on this in a day or two. speak up now if you're not keen.
note btw that no change to the existing keys, used for signing, is involved;
it's just changes to their surrounding web of trust, and the "KEYS" files on
the distribution sites (iirc).
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] key infrastructure for sa-update is not properly specified
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Matus UHLAR - fantomas <uh...@fantomas.sk> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |uhlar@fantomas.sk
--- Comment #1 from Matus UHLAR - fantomas <uh...@fantomas.sk> 2008-08-07 00:45:45 PST ---
I just downgraded gnupg 2.0.9 to 2.0.7 because of this problem. It works, but I
think that the proposed scheme is better way to go, therefore I sign under this
bug...
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Sidney Markowitz <si...@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|needs 2 votes |needs 1 vote
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #16 from Sidney Markowitz <si...@sidney.com> 2010-01-18 17:03:21 UTC ---
+1
You didn't add a mention of the two locations where the file can be found as I
suggested in comment #10, but that was just a suggestion.
However, I see that you cut the final 3.3.0 tarball before committing this. Is
it really ok to have rules/sa-update.txt say that the release key is different
from the one used to sign the release?
Perhaps the release announcement ahould be amended to tell people to get the
new release key from http://www.apache.org/dist/spamassassin/KEYS ? That way
anyone who is careful about checking will be up to date before they get as far
as looking at rules/sa-update.txt.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #47 from Sidney Markowitz <si...@sidney.com> 2011-06-07 01:22:17 UTC ---
(In reply to comment #43)
Whoever has the karma to change your [NoCLA] flag here should know where to
look up the list of people who have submitted a CLA. Thanks.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] key infrastructure for sa-update is not properly specified
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
Target Milestone|Undefined |3.2.6
--- Comment #2 from Justin Mason <jm...@jmason.org> 2008-08-07 01:41:48 PST ---
here's what those keys look like:
: jm 78...; gpg -v rules/sa-update-pubkey.txt
gpg: armor header: Version: GnuPG v1.4.2 (SunOS)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]
: jm 79...; wget http://www.apache.org/dist/spamassassin/KEYS
--09:23:57-- http://www.apache.org/dist/spamassassin/KEYS
=> `KEYS'
Resolving www.apache.org... 140.211.11.130
Connecting to www.apache.org|140.211.11.130|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,269 (2.2K) [text/plain]
100%[===========================================================>] 2,269
--.--K/s
09:23:58 (78.24 MB/s) - `KEYS' saved [2269/2269]
: jm 80...; gpg -v KEYS
gpg: armor header: Version: GnuPG v1.2.5 (FreeBSD)
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<re...@spamassassin.org>
sig 265FA05B 2003-08-21 [selfsig]
sig E580B363 2003-08-21 Theo Van Dinter <fe...@kluge.net>
uid SpamAssassin Signing Key
<sp...@lists.sourceforge.net>
rev 265FA05B 2004-08-16 [selfsig]
sig 265FA05B 2003-06-09 [selfsig]
sig E580B363 2003-06-09 Theo Van Dinter <fe...@kluge.net>
sig 8C80C35F 2003-06-09 Rod Begbie <ro...@null.net>
sig 6E58EF0A 2003-08-21 [User ID not found]
ok, fair point -- those keys don't sign each other. I've fixed that now with
the following KEYS file (attached), which looks like this:
: jm 94...; gpg -v KEYS
gpg: armor header: Version: GnuPG v1.4.7 (FreeBSD)
pub 1024D/265FA05B 2003-06-09 SpamAssassin Signing Key
<re...@spamassassin.org>
sig 265FA05B 2003-08-21 [selfsig]
sig E580B363 2003-08-21 Theo Van Dinter <fe...@kluge.net>
sig ADD4C933 2004-05-09 [User ID not found]
sig 677BA1EC 2004-09-30 [User ID not found]
sig E213B692 2004-09-30 [User ID not found]
sig 5DC3F473 2004-09-30 [User ID not found]
sig 298BC7D0 2008-08-07 Justin Mason <jm...@jmason.org>
uid SpamAssassin Signing Key
<sp...@lists.sourceforge.net>
rev 265FA05B 2004-08-16 [selfsig]
sig 265FA05B 2003-06-09 [selfsig]
sig E580B363 2003-06-09 Theo Van Dinter <fe...@kluge.net>
sig 8C80C35F 2003-06-09 Rod Begbie <ro...@null.net>
sig 6E58EF0A 2003-08-21 [User ID not found]
sub 1024D/FC51569B 2003-08-21
sig 265FA05B 2003-08-21 [keybind]
pub 1024D/E580B363 1997-11-09 Theo Van Dinter <fe...@kluge.net>
sig 27A914E6 2003-03-17 [User ID not found]
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
sig E580B363 1997-11-09 [selfsig]
uid Theo Van Dinter <tv...@bblisa.org>
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
uid Theo Van Dinter <fe...@mkrdns.org>
sig 8514CC32 2003-03-17 [User ID not found]
sig 9CFB830A 2002-11-05 [User ID not found]
sig E580B363 2002-10-09 [selfsig]
uid Theo Van Dinter <fe...@spamassassin.org>
sig E580B363 2003-06-17 [selfsig]
sub 3072g/B9B33054 1997-11-09
sig E580B363 1997-11-09 [keybind]
gpg: NOTE: signature key 6E58EF0A expired Sun Oct 10 14:08:04 2004 IST
pub 1024D/6E58EF0A 1999-10-12 Justin Mason <jm...@jmason.org>
sig 6E58EF0A 1999-10-12 [selfsig]
sub 1024g/98472126 1999-10-12 [expires: 2004-10-10]
sig 6E58EF0A 1999-10-12 [keybind]
pub 1024D/8C80C35F 1997-08-15 rOD Begbie <rO...@begbie.com>
sig 4C96375D 2001-03-26 [User ID not found]
sig 6AA10B91 2001-03-26 [User ID not found]
sig 8C80C35F 2001-03-26 [selfsig]
sig 6614AC87 2003-06-03 [User ID not found]
uid Rod Begbie <ro...@null.net>
sig 4C96375D 1997-08-15 [User ID not found]
sig 8C80C35F 1997-08-15 [selfsig]
uid Rod Begbie <rb...@sapient.com>
sig 8C80C35F 1999-04-26 [selfsig]
uid rOD Begbie <rO...@arsecandle.org>
sig 8C80C35F 2001-05-16 [selfsig]
sig 6614AC87 2003-06-03 [User ID not found]
uid rOD Begbie <rb...@skginc.net>
sig 4C96375D 2001-03-26 [User ID not found]
sig 8C80C35F 2001-03-26 [selfsig]
sig 6AA10B91 2001-03-26 [User ID not found]
sig 6614AC87 2003-06-03 [User ID not found]
uid rOD Begbie <rO...@groovymother.com>
sig 8C80C35F 2003-08-05 [selfsig]
sub 2048g/57E8C6A1 1997-08-15
sig 8C80C35F 1997-08-15 [keybind]
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 Justin Mason <jm...@jmason.org>
sig 265FA05B 2008-08-07 SpamAssassin Signing Key
<re...@spamassassin.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2008-01-10 [keybind]
comments? committers, votes please, and I'll copy it to
http://www.apache.org/dist/spamassassin/KEYS , and update links to point to
that "official" keyring file.
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #14 from Warren Togami <wt...@redhat.com> 2010-01-18 15:43:18 UTC ---
[test@newcaprica tmp]$ gpg -v attachment.cgi\?id\=4646
gpg: armor header: Version: GnuPG v1.4.9 (GNU/Linux)
pub 4096R/5244EC45 2005-12-20 updates.spamassassin.org Signing Key
<re...@spamassassin.org>
sig 5244EC45 2005-12-20 [selfsig]
sig 298BC7D0 2008-08-07 [User ID not found]
sig 265FA05B 2008-08-07 [User ID not found]
sig 6CB1BC68 2008-05-12 [User ID not found]
sig 7DF1F870 2008-07-27 [User ID not found]
sig F7D39814 2010-01-16 SpamAssassin Project Management Committee
<pr...@spamassassin.apache.org>
sub 4096R/24F434CE 2005-12-20
sig 5244EC45 2005-12-20 [keybind]
sig 5244EC45 2008-01-10 [keybind]
pub 4096R/F7D39814 2009-12-02 SpamAssassin Signing Key (Code Signing Key,
replacement for 1024D/265FA05B) <de...@spamassassin.apache.org>
sig F7D39814 2009-12-02 [selfsig]
sig 265FA05B 2009-12-02 [User ID not found]
sig 54A2ACF1 2009-12-27 [User ID not found]
uid SpamAssassin Project Management Committee
<pr...@spamassassin.apache.org>
sig F7D39814 2009-12-02 [selfsig]
sig 54A2ACF1 2009-12-27 [User ID not found]
sub 4096R/7B3265A5 2009-12-02
sig F7D39814 2009-12-02 [keybind]
+1
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #46 from Darxus <Da...@ChaosReigns.com> 2011-06-07 00:38:27 UTC ---
(In reply to comment #43)
> Darxus, don't we need a CLA from you so we can accept patches?
1) No. http://wiki.apache.org/spamassassin/AboutClas Says a CLA is only
required for '"big" patches'.
2) I just received acknowledgement of receipt of my CLA from Apache. With the
same email address as this bugzilla account. Does something need to be done to
connect them?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #41 from Darxus <Da...@ChaosReigns.com> 2011-05-26 22:10:10 UTC ---
Created attachment 4907
--> https://issues.apache.org/SpamAssassin/attachment.cgi?id=4907
New KEYS / GPG.KEY / sa-update-pubkey.txt file
This file contains *only* the release signing key (F7D39814), the sa-updates
signing key (5244EC45), and the deprecated release signing key (265FA05B).
I agree it should be used to replace all three existing key files - KEYS,
GPG.KEY, and sa-update-pubkey.txt.
I think this file should only contain keys which are used to sign stuff for
SpamAssassin. If people want to check the signatures on these keys, all they
need to do to grab the signing keys is:
gpg -v KEYS | grep ^sig | awk '{print $2}' | xargs gpg --recv-keys
So this file should just be used to provide some authentication that these keys
are legitimate SpamAssassin signing keys.
This does not need to be coordinated with bug 6288.
Some related info can be found in bug 5775.
I wrote some related stuff a decade ago, which probably doesn't still work:
http://www.chaosreigns.com/code/sigtrace/
http://www.chaosreigns.com/code/sig2dot/debian.html
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Justin Mason <jm...@jmason.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|needs 1 vote |needs 2 votes
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Adam Katz <an...@khopis.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|needs 1 votes |
--- Comment #38 from Adam Katz <an...@khopis.com> 2011-05-11 02:28:15 UTC ---
forgot to vote: +1
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
--- Comment #43 from Sidney Markowitz <si...@sidney.com> 2011-06-03 21:36:01 UTC ---
+1 on Darxus' version. It's much cleaner, and I think I understand better what
is supposed to be in the KEYS file looking at that compared to all our attempts
to cut one. The
gpg -v KEYS | grep ^sig | awk '{print $2}' | xargs gpg --recv-keys
command line is handy in that it results in importing what you need so that
afterwards a simple gpg -v KEYS shows something that makes sense out of the
KEYS file.
Darxus, don't we need a CLA from you so we can accept patches?
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
[Bug 5924] [review] cross-sign GPG keys, have an official SA keyring
Posted by bu...@bugzilla.spamassassin.org.
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=5924
Sidney Markowitz <si...@sidney.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status Whiteboard|can be committed |Needs 2 votes Needs commit
| |to trunk
--
Configure bugmail: https://issues.apache.org/SpamAssassin/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.