Mikeperry's TBB3.5 GPG signature is bad

https://www.torproject.org/dist/torbrowser/3.5/sha256sums.txt-mikeperry.asc

https://www.torproject.org/dist/torbrowser/3.5/sha256sums.txt

added component::applications/tor bundles/installation owner::phobos priority::high resolution::fixed status::closed type::defect labels

Confirmed, signature is bad.

$ gpg sha256sums.txt-mikeperry.asc 
Detached signature.
Please enter name of data file: sha256sums.txt
gpg: Signature made Tue Dec 17 09:52:34 2013 CET using RSA key ID 0E3A92E4
gpg: BAD signature from "Mike Perry (Regular use key) <mikeperry@torproject.org>"

Trac:
Cc: N/A to mikeperry

Trac:
Owner: N/A to erinn
Priority: normal to major
Component: - Select a component to Tor bundles/installation
Summary: Bad GPG signature to Mikeperry's TBB3.5 GPG signature is bad

That signature was apparently made on a binary file, not a text file. The signature type octet is 0x00, when for a text file it should be 0x01.

Ugh. I tried to fix this before the release and it looks like I failed.

https://people.torproject.org/~mikeperry/builds/3.5/sha256sums.txt.asc should have the correct signature.

It also looks like we still need to remove the old linus-sha256sums.txt.asc and mikeperry-sha256sums.txt.asc from https://archive.torproject.org/tor-package-archive/torbrowser/3.5/, especially since the latter will remain a bad sig otherwise.

I've fixed the torproject.org sig issue, but the files on archive are owned by phobos so I can't remove them.

phobos, can you: rm /srv/archive.torproject.org/tor-package-archive/torbrowser/3.5/{linus,mikeperry}-sha256sums.txt.asc ?

Trac:
Owner: erinn to phobos
Status: new to assigned

done.

Trac:
Status: assigned to closed
Resolution: N/A to fixed

closed