Opened 16 months ago

Closed 16 months ago

Last modified 15 months ago

#31168 closed task (fixed)

audit openpgp keys for flooding

Reported by: anarcat Owned by: hiro
Priority: Medium Milestone:
Component: Webpages/Website Version:
Severity: Normal Keywords:
Cc: traumschule, trac-dip-importer Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


some OpenPGP keys used by the tor project might have been flooded alongside other keys in the network. make sure we don't point to those keys anywhere in the documentation and provide our users with sane keys that will not make GnuPG explode on their computers.

known bad:

Child Tickets

Change History (7)

comment:1 Changed 16 months ago by anarcat

a workaround is implemented through WKD in #31184, so this is just a matter of making sure we don't link to bad keys in the live docs.

comment:2 Changed 16 months ago by weasel

2019.www.tpo is an *archive* of the *old* website. It should not be changed.

If anything, we might want to set it to send a noindex robots header

comment:3 Changed 16 months ago by arma

I hear that the tor browser signing key will soon be reachable from

It would be a good idea to point to that location rather than giving people instructions to get a broken key from a broken keyserver.

comment:4 Changed 16 months ago by pili

The instructions to verify signatures are actually outlined in the support portal:

We probably want to:

  1. Remove the link to ​ from the support portal page

(1.a.) Replace the above link with another link/the correct content

  1. Update the "verify signature" instructions to not point to

comment:5 Changed 16 months ago by ggus

Ok, submmitted a merge request fixing Pili's 1 and 2.

comment:6 Changed 16 months ago by emmapeel

Resolution: fixed
Status: newclosed

merged, thanks!

comment:7 Changed 15 months ago by anarcat

i think the only thing that might remain here are the *other* signing keys listed in the 2019 document, but i guess we can live with that for now...

Note: See TracTickets for help on using tickets.