[tor-talk] TBB 3.5.3 signatures messing

Thu, 20 Mar 2014 11:12:11 -0700 

I download the files:

https://www.torproject.org/dist/torbrowser/3.5.3/sha256sums.txt
https://www.torproject.org/dist/torbrowser/3.5.3/sha256sums.txt-mikeperry.asc
https://www.torproject.org/dist/torbrowser/3.5.3/tor-browser-linux64-3.5.3_en-US.tar.xz.asc
https://www.torproject.org/dist/torbrowser/3.5.3/tor-browser-linux64-3.5.3_en-US.tar.xz

Previous version files are missing:

sha256sums.txt-erinn.asc
sha256sums.txt-linus.asc


I run the script:

########
#! /bin/bash

echo "" | cat - > file.txt

sha256sum -c sha256sums.txt 2>&1 | grep OK >> file.txt

echo >> file.txt

for a in sha256*.asc ; do 
 gpg --verify $a sha256sums.txt >> file.txt 2>&1 ; 
 echo >> file.txt
done

echo >> file.txt

gpg --verify tor-browser-linux64*.asc >> file.txt 2>&1

echo >> file.txt
#########

Running less file.txt I can see a singnatures mess: 

gpg: Signature made Wed 19 Mar 2014 09:25:30 PM MSK using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark <er...@torproject.org>"
gpg:                 aka "Erinn Clark <er...@debian.org>"
gpg:                 aka "Erinn Clark <er...@double-helix.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8738 A680 B84B 3031 A630  F2DB 416F 0610 63FE E659


gpg: Signature made Wed 19 Mar 2014 09:26:01 PM MSK using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark <er...@torproject.org>"
gpg:                 aka "Erinn Clark <er...@debian.org>"
gpg:                 aka "Erinn Clark <er...@double-helix.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8738 A680 B84B 3031 A630  F2DB 416F 0610 63FE E659

I check "mikeperry" signature manually:

gpg --verify sha256sums.txt-mikeperry.asc sha256sums.txt

gpg: Signature made Wed 19 Mar 2014 09:25:30 PM MSK using RSA key ID 63FEE659
gpg: Good signature from "Erinn Clark <er...@torproject.org>"
gpg:                 aka "Erinn Clark <er...@debian.org>"
gpg:                 aka "Erinn Clark <er...@double-helix.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg:          There is no indication that the signature belongs to the owner.
Primary key fingerprint: 8738 A680 B84B 3031 A630  F2DB 416F 0610 63FE
E659

Why Mike Perry signature displayed as Erinn?
Where is the other signatures? 
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Reply via email to