Public Keys, Where Are They?: It Shouldn't Have To Be Asked.
It is hella difficult to track down the keys used by devs to sign various packages, especially the betas and other random files.
Obviously, keyserver? But no. Not all relevant keys seem to be on all the keyservers; for that matter, which keyserver/s ya got?
Mike Perry has signed some betas recently and they don't seem to use his "regular use key" at torproject. That key is the only one at keys.gnupg.net that looks relevant. Additionally, who is this gk? I don't even care. But I want to have their key if it is being used for signing :/
Anyway, it seems kind of pointless to offer .asc files that derive from pkeys that come from [?mystery?].
Enough with the snark... my suggestion is that relevant pkeys be kept up to date, and published at http://idnxcnkne4qt76tg.onion/about/corepeople.html.
Or that the relevant keyserver be published at that page. Or both, for redundancy.
It might be meaningful to publish these only at the .onion version? Maybe that would be too much hassle.