Apply OpenPGP Best Practices for Tor Browser Developers Signing Key

See:

• https://we.riseup.net/riseuplabs+paow/openpgp-best-practices

See also:

• https://github.com/ioerror/torbirdy/pull/11
• https://raw.githubusercontent.com/ioerror/torbirdy/master/gpg.conf

Related to:

• #14625 (moved)
• #13407 (closed)

added component::applications/tor browser owner::tbb-team parent::13407 priority::medium resolution::invalid status::closed type::enhancement labels

What is the particular issue covered by this ticket? (btw your first link is out-of-date) I basically used these best practices with some tweaks for key generation.

The updated link is: https://help.riseup.net/en/security/message-security/openpgp/best-practices

There is nothing specific in this ticket. Just noticed, that the key has no expiration date (#14625 (moved)), and wondered if you are aware of this best practices document.

If you are already aware of cert-digest-algo stuff, "Generate a revocation certificate.", "Set a calendar event to remind you about your expiration date", and so forth, then nothing to do, can be closed.

Closing then as invalid.

Trac:
Status: new to closed
Resolution: N/A to invalid

closed

moved to tpo/applications/tor-browser#14626 (closed)