[tor-bugs] #11495 [Website]: Public Keys, Where Are They?: It Shouldn't Have To Be Asked.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Apr 12 23:45:53 UTC 2014
#11495: Public Keys, Where Are They?: It Shouldn't Have To Be Asked.
-------------------------+---------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-------------------------+---------------------
It is hella difficult to track down the keys used by devs to sign various
packages, especially the betas and other random files.
Obviously, keyserver? But no. Not all relevant keys seem to be on all the
keyservers; for that matter, which keyserver/s ya got?
Mike Perry has signed some betas recently and they don't seem to use his
"regular use key" at torproject. That key is the only one at
keys.gnupg.net that looks relevant. Additionally, who is this gk? I don't
even care. But I want to have their key if it is being used for signing :/
Anyway, it seems kind of pointless to offer .asc files that derive from
pkeys that come from [?mystery?].
Enough with the snark... my suggestion is that relevant pkeys be kept up
to date, and published at
http://idnxcnkne4qt76tg.onion/about/corepeople.html.<insert language here>
Or that the relevant keyserver be published at that page. Or both, for
redundancy.
It might be meaningful to publish these only at the .onion version? Maybe
that would be too much hassle.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11495>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list