Mention that the keys likely to have signed the distribution are now

listed on the web site for easy finding and downloading
author: Mark J. Cox <mark@openssl.org> 2004-11-30 14:34:16 +0000
committer: Mark J. Cox <mark@openssl.org> 2004-11-30 14:34:16 +0000
commit: e6e1f4cb5e37f77fe61ff568dd2904f21ec5b82c (patch)
tree: 900fa6deb1b03fa437cd42aff736d23f5102349e /FAQ
parent: 5073ff03463a3e21f4acfcdcfa0c1eda64145007 (diff)
download: openssl-e6e1f4cb5e37f77fe61ff568dd2904f21ec5b82c.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/FAQ b/FAQ
index 463bc1e139..fd354b3b40 100644
--- a/FAQ
+++ b/FAQ
@@ -152,7 +152,8 @@ Use MD5 to check that a tarball from a mirror site is identical:
    md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
 
 You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server). Then
+member public key used to sign it (download it from a key server, see a
+list of keys at <URL: http://www.openssl.org/about/>). Then
 just do:
 
    pgp TARBALL.asc
author	Mark J. Cox <mark@openssl.org>	2004-11-30 14:34:16 +0000
committer	Mark J. Cox <mark@openssl.org>	2004-11-30 14:34:16 +0000
commit	e6e1f4cb5e37f77fe61ff568dd2904f21ec5b82c (patch)
tree	900fa6deb1b03fa437cd42aff736d23f5102349e /FAQ
parent	5073ff03463a3e21f4acfcdcfa0c1eda64145007 (diff)
download	openssl-e6e1f4cb5e37f77fe61ff568dd2904f21ec5b82c.tar.gz