Thank you for your email, this is very helpul. I'm copying the open office project team for their information.
Ross -----Original Message----- From: tensizes [mailto:tensi...@gmail.com] Sent: Wednesday, June 3, 2015 12:44 PM To: d...@community.apache.org Subject: Source signed by someone not on your list Hi, This is a security heads-up. After downloading the latest release of Apache Open Office and checking the key, I found it was signed by someone not on your published KEYS file list of contributors, someone named Jeurgen Schmidt His/her pgp key id is 51B5FDE8 The release file is from mirror http://mirrors.gigenet.com Filename: apache-openoffice-4.1.1-r1617669-src.tar.bz2 Either Jeurgen Schmidt has been left off of your list, or they have been signing sources without permission. Thanks for your development efforts, tensizes
