Sign Tor Browser releases with an OpenPGP tool that includes Issuer Fingerprint subpackets

#31292 (moved) has details about the issue. This ticket is for the Tor Browser signatures, while #31292 (moved) is for the Tor source tarballs signatures.

added GeorgKoppen202006 TorBrowserTeamTriaged component::applications/tor browser owner::gk priority::medium severity::normal status::assigned tbb-sign type::task labels

Hrm, seems we need a newer GnuPG version on our signing machine... :(

I don't know what your signing machine is running, but over in #31292 (moved), nickm suggests that on some older version of fedora, gpg is just the 1.4 series, while gpg2 is the more modern version. Perhaps you just need to invoke it as gpg2?

Trac:
Keywords: N/A deleted, tbb-sign added

Trac:
Keywords: N/A deleted, TorBrowserTeamTriaged added

Let's revisit that during our work on #33169 (moved).

Trac:
Status: new to assigned
Owner: tbb-team to gk
Keywords: N/A deleted, GeorgKoppen202004 added
Cc: dkg to dkg, tbb-team

Moving my tickets to May.

Trac:
Keywords: GeorgKoppen202004 deleted, GeorgKoppen202005 added

Moving my tickets.

Trac:
Keywords: GeorgKoppen202005 deleted, GeorgKoppen202006 added

moved to tpo/applications/tor-browser#31294 (moved)