[or-cvs] r18041: {website} Start cleanup of the verifying signatures pages. Missing: Ja (website/trunk/en)

sebastian at seul.org sebastian at seul.org
Fri Jan 9 11:19:42 UTC 2009


Author: sebastian
Date: 2009-01-09 06:19:42 -0500 (Fri, 09 Jan 2009)
New Revision: 18041

Modified:
   website/trunk/en/verifying-signatures.wml
Log:
Start cleanup of the verifying signatures pages.

Missing: Jake's key. Also, I don't think people who haven't already
heard of PGP will have any idea what is going on here

Modified: website/trunk/en/verifying-signatures.wml
===================================================================
--- website/trunk/en/verifying-signatures.wml	2009-01-09 11:19:35 UTC (rev 18040)
+++ website/trunk/en/verifying-signatures.wml	2009-01-09 11:19:42 UTC (rev 18041)
@@ -20,7 +20,7 @@
 signing keys we use are Roger's (0x28988BF5) and Nick's (0x165733EA, or its
 subkey 0x8D29319A). Some binary packages may also be signed by Andrew's
 (0x31B0974B), Peter's (0x94C09C7F, or its subkey 0xAFA44BDD), or Matt's
-(0x5FA14861). See keyserver.noreply.org for details.</p>
+(0x5FA14861).</p>
 
 <p>You can import keys directly from GnuPG as well:</p>
 
@@ -65,16 +65,16 @@
 </pre>
 
 <p>(Of course if you want to be really certain that those are the real ones
-(this wiki could have been tampered with) then you should check this from more
-places or even better get into key signing and build a trust path to those
-keys.)</p>
+then you should check this from more places or even better get into key signing
+and build a trust path to those keys.)</p>
 
 <p>If you're using GnuPG, then put the .asc and the download in the same
-directory and type "gpg (whatever).asc". It will say something like "Good
-signature" or "BAD signature" using the following type of command:</p>
+directory and type "gpg --verify (whatever).asc (whatever)". It will say
+something like "Good signature" or "BAD signature" using the following type of
+command:</p>
 
 <pre>
-gpg --verify tor-0.1.0.17.tar.gz.asc
+gpg --verify tor-0.1.0.17.tar.gz.asc tor-0.1.0.17.tar.gz
 gpg: Signature made Wed Feb 23 01:33:29 2005 EST using DSA key ID 28988BF5
 gpg: Good signature from "Roger Dingledine <arma at mit.edu>"
 gpg:                 aka "Roger Dingledine <arma at mit.edu>"
@@ -88,8 +88,8 @@
 this user. This means that your program verified the key made that signature.
 It's up to the user to decide if that key really belongs to the developers. The
 best method is to meet them in person and exchange gpg fingerprints. Keys can
-also be signed. If you look up arma or nick's keys, other people have
-essentially said "we have verified this is arma/nick". So if you trust that
+also be signed. If you look up Roger or Nick's keys, other people have
+essentially said "we have verified this is Roger/Nick". So if you trust that
 third party, then you have a level of trust for that arma/nick.
 </p>
 



More information about the tor-commits mailing list