Mention that the keys likely to have signed the distribution are now

[openssl.git] / FAQ

diff --git a/FAQ b/FAQ
index 463bc1e139668685b19e2d41f03e110fa9976aa5..fd354b3b40234701678cf99aca1b818835cd84b7 100644 (file)
--- a/FAQ
+++ b/FAQ
@@ -152,7 +152,8 @@ Use MD5 to check that a tarball from a mirror site is identical:
    md5sum TARBALL | awk '{print $1;}' | cmp - TARBALL.md5
 
 You can check authenticity using pgp or gpg. You need the OpenSSL team
-member public key used to sign it (download it from a key server). Then
+member public key used to sign it (download it from a key server, see a
+list of keys at <URL: http://www.openssl.org/about/>). Then
 just do:
 
    pgp TARBALL.asc