Opened 6 years ago

Closed 5 years ago

#13273 closed defect (fixed)

Clarify verifying-signatures.html for builds not signed by erinn

Reported by: seeess Owned by:
Priority: Very Low Milestone:
Component: Webpages/Website Version:
Severity: Normal Keywords: gpg public key not found
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


I downloaded tor- with the .asc and tried to verify them.

Clicking the "what's this" next to the asc file brings me to

That site is only focused on tor browser builds and says
"Erinn Clark signs the Tor Browser Bundles. Import her key..."

I must've missed the "tor browser" part and assumed erinn signed all builds. Following the instructions gives me

gpg --verify tor- tor-
gpg: Signature made Tue 23 Sep 2014 01:47:29 AM UTC using RSA key ID 19F78451
gpg: Can't check signature: public key not found

The problem is it looks like roger signs the alpha builds. I figured this out googling around and finding

Suggested fix:
Mention the "public key not found" error on verifying-signatures.html, instruct users to download roger's key.

and/or have a different "what's this" page linked next to the alpha builds (and anything else erinn doesn't sign)

Child Tickets

Change History (1)

comment:1 Changed 5 years ago by Sebastian

Resolution: fixed
Severity: Normal
Status: newclosed

The page got a major rework in the meantime, maybe it's better now

Note: See TracTickets for help on using tickets.