id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
205	nginx-1.2.3.tar.gz signed with wrong key	Chris Riddoch	somebody	"The website shows that the following GPG key can be expected to be used for signing packages:

pub   2048R/7BD9BF62 2011-08-19 [expires: 2016-08-17]
uid                  nginx signing key <signing-key@nginx.com>

The actual signature is this:

gpg: Signature made Tue 07 Aug 2012 06:37:14 AM MDT using RSA key ID A1C052F8
gpg: Good signature from ""Maxim Dounin <mdounin@mdounin.ru>""
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: B0F4 2533 73F8 F6F5 10D4  2178 520A 9993 A1C0 52F8

I presume it's trustworthy anyway. ;)  Still, should be simple to fix.
"	defect	closed	major		nginx-package	1.2.x	wontfix	gpg signature			"nginx version: nginx/1.2.3
built by gcc 4.6.2 (SUSE Linux) 
"