OK, perhaps I have missed "the how" and "which" somewhere, but which signature am I supposed to verify the new Tor 0.2.5.3 tarball against? I tried the ones mentioned on Tor signing page and none seem to stick. A typical message is:
# gpg --verify tor-0.2.5.3-alpha.tar.gz{.asc,}
gpg: Signature made Sun 23 Mar 2014 02:40:49 AM UTC using RSA key ID 8D29319A gpg: Good signature from "Nick Mathewson nickm@alum.mit.edu" gpg: aka "Nick Mathewson nickm@wangafu.net" gpg: aka "Nick Mathewson nickm@freehaven.net" gpg: aka "[jpeg image of size 3369]" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA Subkey fingerprint: EF00 F369 1387 FCC5 8CD6 8E13 9103 97D8 8D29 319A