[tor-talk] Problem about verify signatures
Fabian Keil
freebsd-listen at fabiankeil.de
Sun Feb 24 10:41:56 UTC 2013
Nam Su <namfree123 at gmail.com> wrote:
> When I tried to verify signatures with GPA, gpg frontend, it was failed.
> I download Tor packages in torproject.org https version.
>
> Strangely, when I tried to verify with GPG command line, it was success.
Using gpg directly seems to be the recommended way:
https://www.torproject.org/docs/verifying-signatures.html.en
> Is it tor's asc file problem? Or is it GPA bug so should I report this
> problem to GPA project? My feeling is like headache.
Without knowing the error message you got from GPA it's impossible
to tell what's going on and reporting any problem to the GPA project
is probably premature.
I'm not familiar with GPA but as long as gpg itself confirms that
the signature is valid and the gpg binary came from a trustworthy
source, I wouldn't worry about the GPA issue unless the error message
explicitly tells you that the signature is invalid and not just that
it can't be verified (for example due to missing the public key).
Fabian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20130224/66f175e9/attachment.pgp>
More information about the tor-talk
mailing list