Security-officer PGP Key?
Simon L. Nielsen
simon at FreeBSD.org
Tue Aug 5 19:39:37 UTC 2003
On 2003.08.05 12:18:04 -0700, Dave Tweten wrote:
> I just received a PGP signed message, supposedly from
> security-officer at freebsd.org, for which I did not have the matching public
> key. Reflexively, I fetched it, and then began looking into it with an
> eye toward signing it so PGP would no longer call it "untrusted."
>
> To my shock, I found I had two public keys for security-officer, one
> vintage 4/22/1996,
From:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pgpkeys.html#PGPKEYS-OFFICERS
pub 1024D/CA6CDFB2 2002-08-27 FreeBSD Security Officer <security-officer at FreeBSD.org>
Key fingerprint = C374 0FC5 69A6 FBB1 4AED B131 15D6 8804 CA6C DFB2
sub 2048g/A3071809 2002-08-27
pub 1024R/73D288A5 1996-04-22 FreeBSD Security Officer (Deprecated key) <security-officer at freebsd.org>
Key fingerprint = 41 08 4E BB DB 41 60 71 F9 E5 0E 98 73 AF 3F 11
uid FreeBSD Security Officer <security-officer at freebsd.org>
I just checked that the the announcment I recieved was signed with
CA6CDFB2 which is listed as the current key. The new key CA6CDFB2 is,
among others, signed by the old key 73D288A5.
> My next step was to check the list of valid keys at the back of the
> FreeBSD Handbook. Further shock. It lists the 4/22/1996 key and not the
> more recent one just downloaded. I immediately deleted the more recent
> key, and drafted this message.
Which exact handbook version are you refering to? Everything looks
OK to me.
--
Simon L. Nielsen
FreeBSD Documentation Team
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-doc/attachments/20030805/9031b211/attachment.sig>
More information about the freebsd-doc
mailing list