[tor-relays] Tor download signatures
Tora Tora Tora
tor at allthatnet.com
Fri Mar 28 04:44:03 UTC 2014
OK, perhaps I have missed "the how" and "which" somewhere, but which
signature am I supposed to verify the new Tor 0.2.5.3 tarball against? I
tried the ones mentioned on Tor signing page and none seem to stick. A
typical message is:
# gpg --verify tor-0.2.5.3-alpha.tar.gz{.asc,}
gpg: Signature made Sun 23 Mar 2014 02:40:49 AM UTC using RSA key ID
8D29319A
gpg: Good signature from "Nick Mathewson <nickm at alum.mit.edu>"
gpg: aka "Nick Mathewson <nickm at wangafu.net>"
gpg: aka "Nick Mathewson <nickm at freehaven.net>"
gpg: aka "[jpeg image of size 3369]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA
Subkey fingerprint: EF00 F369 1387 FCC5 8CD6 8E13 9103 97D8 8D29 319A
More information about the tor-relays
mailing list