[tor-bugs] #11212 [- Select a component]: Can't verify signature because ASC file is nowhere to be found

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Mar 16 05:08:04 UTC 2014

#11212: Can't verify signature because ASC file is nowhere to be found
 Reporter:  lido.shuffles         |          Owner:
     Type:  defect                |         Status:  new
 Priority:  major                 |      Milestone:
Component:  - Select a component  |        Version:
 Keywords:                        |  Actual Points:
Parent ID:                        |         Points:
 Self explanatory. Why the hell would you state this in the directions:

 "Verifying the XPI

 The TorBirdy XPI is signed by Jacob Appelbaum with the key 0x1245F783. As
 an example, verifying the current stable release of TorBirdy:

 $ gpg --verify torbirdy-current.xpi.asc torbirdy-current.xpi
 gpg: Signature made Mon 04 Nov 2013 06:43:51 AM EST using RSA key ID
 gpg: Good signature from "Jacob Appelbaum (offline long term identity key)
 <jacob at appelbaum.net>"
 gpg:                 aka "Jacob Appelbaum (offline long term identity key)
 <jacob at torproject.org>"
 gpg: WARNING: This key is not certified with a trusted signature!
 gpg:          There is no indication that the signature belongs to the
 Primary key fingerprint: 228F AD20 3DE9 AE7D 84E2  5265 CF9A 6F91 4193
      Subkey fingerprint: E729 FE2D EE92 DB51 1AC9  FF91 590C 7D91 1245

 Instructions for verifying the XPI on Windows and OS X are available on
 the ​verifying signatures page. "

 .....but have no download available anywhere for the ASC file?

Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11212>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list