[exim-announce] Exim 4.82 forthcoming; PGP signature details

Top Page

Reply to this message
Author: Phil Pennock
Date:  
To: exim-announce
Subject: [exim-announce] Exim 4.82 forthcoming; PGP signature details
Folks,

This is a prior notice email to permit postmasters to preload PGP keys
needed for validating the next Exim release.

Two of the exim.org team members, Todd Lyons and Jeremy Harris, shall
soon start the work of cutting the Exim 4.82 release and beginning the
RC series.

We currently expect that the 4.82 Release Candidates, final Release, and
announcement message shall be PGP signed using Todd's key:

0xC4F4F94804D29EBA

This key is in the PGP strong set, although it does not at time of
writing include any signatures directly from any other @exim.org UIDs.
There is a trust path from my key to Todd's via a key belonging to Phil
Dibowitz, 0x3795E8C5A1E732BB.

For the record: I know Mr Dibowitz as a former colleague, he is very
security conscious and does not issue PGP signatures without diligent
checking. He's the author of the PGP tutorial documentation available
at <http://phildev.net/pgp/> and is one of the few people to whose keys
I assign a GnuPG trust ranking of '4'. Thus I have a high degree of
confidence in this trust path.

You can retrieve Todd's key from any of the normal PGP keyservers; for
instance:

http://ha.pool.sks-keyservers.net:11371/pks/lookup?op=vindex&search=0xC4F4F94804D29EBA

(click on the keyid in the "pub" line at the top).

This Exim release is long overdue and I'd like to take this opportunity
to thank Todd and Jeremy for stepping up to make it happen.

Regards,
- -Phil Pennock