Opened 4 years ago

Last modified 3 years ago

#15045 new enhancement

Stress importance of checking 63fee659 signature on new signing key

Reported by: martingale Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: signing key switch
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

With the release of version 4.0.4 of the browser bundle, the signing key was changed to 0x4E2C6E8793298290. I think it is important to stress that if a user had already established a trust chain for Erinn's key 0x416F061063FEE659, then the user should check that Erinn's key signed the new signing key.

I suggest a message should be included in a blog post quickly telling this to users and perhaps giving the quick command gpg --check-sigs 0x4E2C6E8793298290.

Child Tickets

Change History (3)

comment:1 Changed 4 years ago by martingale

Type: defectenhancement

comment:2 Changed 4 years ago by arma

Component: BlogTor Browser
Owner: set to tbb-team

Moving to a category where the folks who might write that text in the blog posts might notice it.

comment:3 Changed 3 years ago by wahabe89

Severity: Normal

je veux des carts bankair riche

Note: See TracTickets for help on using tickets.