Download page doesn't provide signatures for packages
https://www.torproject.org/download/download.html.en has a "how to verify signatures" thing in the right navigation bar, but the actual signatures aren't linked. We need to link them.
The easy way I tried to do it was to put the .asc link after each package, but that gets messy and confusing. Perhaps a new section entitled "signatures" with links to the signatures would be better.
After some more thought, I realized this is the exact same problem we had with the original download page. Too many links, too much clutter, and it was found to confuse everyone from novice users to security people.
The solution was the easy-download page, which forced everyone to pick an operating system and get whatever package we linked behind the image. Now we can push torbrowser everywhere from an easy download page. Or maybe someone has a better idea that comes with code/patches.
There, the download page provides signatures now.
Trac:
Resolution: N/A to fixed
Status: new to closed
closed
moved to tpo/web/trac#2057 (closed)