[tor-bugs] #3379 [GetTor]: GetTor reply omits GPG instructions
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Jun 11 01:48:15 UTC 2011
#3379: GetTor reply omits GPG instructions
----------------------+-----------------------------------------------------
Reporter: rransom | Owner:
Type: defect | Status: new
Priority: critical | Milestone:
Component: GetTor | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by rransom):
Replying to [ticket:3379 rransom]:
>
{{{
The output should look somewhat like this:
gpg: Good signature from 'Roger Dingledine <arma at mit.edu>'
}}}
The message contains Roger's user ID, even if the package attached to it
is signed by (for example) Erinn.
nickm suggests that the GetTor message not use the user ID of any real key
in its example, because then users will trust that user ID to sign the
package. I don't know what would be better, though; users who need to use
GetTor can't read [https://www.torproject.org/docs/verifying-signatures
our verifying-signatures page].
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3379#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list