Opened 5 years ago

Closed 2 months ago

#15045 closed enhancement (wontfix)

Stress importance of checking 63fee659 signature on new signing key

Reported by: martingale Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: signing key switch
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


With the release of version 4.0.4 of the browser bundle, the signing key was changed to 0x4E2C6E8793298290. I think it is important to stress that if a user had already established a trust chain for Erinn's key 0x416F061063FEE659, then the user should check that Erinn's key signed the new signing key.

I suggest a message should be included in a blog post quickly telling this to users and perhaps giving the quick command gpg --check-sigs 0x4E2C6E8793298290.

Child Tickets

Change History (4)

comment:1 Changed 5 years ago by martingale

Type: defectenhancement

comment:2 Changed 5 years ago by arma

Component: BlogTor Browser
Owner: set to tbb-team

Moving to a category where the folks who might write that text in the blog posts might notice it.

comment:3 Changed 4 years ago by wahabe89

Severity: Normal

je veux des carts bankair riche

comment:4 Changed 2 months ago by sysrqb

Resolution: wontfix
Status: newclosed


Note: See TracTickets for help on using tickets.