Opened 4 years ago

Closed 3 years ago

#1167 closed Bug / Defect (fixed)

Windows installer signatured with wrong private key?

Reported by: mosesofmason Owned by: Samuli Seppänen
Priority: critical Milestone:
Component: Packaging Version:
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:


The WINDOWS INSTALLER file [0] looks like signed by an unknown key instead of being signed with the "Security mailing list GPG key" as stated in the "GnuPG Public Key" page [2].

The current key signed the file is using RSA key 82175D35AA8D0E8BDE5F4F9E5DC351805ACFEAC6 which does not match the "Security mailing list GPG key". Please check if this is a mistake or a security exploit.


Change History (2)

comment:1 Changed 4 years ago by plaisthos

The security key gets rotated yearly (new subkey added). The page was forgotten to update. The gpg on the contact page ( is already updated. That page should be updated soon.

comment:2 Changed 3 years ago by Gert Döring

Resolution: fixed
Status: newclosed

Fixed in the meantime. Apologies for not providing quicker feedback.

Note: See TracTickets for help on using tickets.