Opened 6 months ago

Last modified 2 months ago

#31294 new task

Sign Tor Browser releases with an OpenPGP tool that includes Issuer Fingerprint subpackets

Reported by: boklm Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-sign, TorBrowserTeamTriaged
Cc: dkg Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


#31292 has details about the issue. This ticket is for the Tor Browser signatures, while #31292 is for the Tor source tarballs signatures.

Child Tickets

Change History (4)

comment:1 Changed 6 months ago by gk

Hrm, seems we need a newer GnuPG version on our signing machine... :(

comment:2 Changed 5 months ago by dkg

I don't know what your signing machine is running, but over in #31292, nickm suggests that on some older version of fedora, gpg is just the 1.4 series, while gpg2 is the more modern version. Perhaps you just need to invoke it as gpg2?

comment:3 Changed 2 months ago by gk

Keywords: tbb-sign added

comment:4 Changed 2 months ago by sysrqb

Keywords: TorBrowserTeamTriaged added
Note: See TracTickets for help on using tickets.