On 02/26/2015 03:02 PM, andr...@fastmail.fm wrote:
> Is there anything that's wrong about the gpg verification performed on
> the version 4.0.4 as seen in the text below?
> It's quite different from previous Tor versions. No Erinn Clark.
>
> $ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc
> gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID
> F65C2036
> gpg: Good signature from "Tor Browser Developers (signing key)
> <torbrow...@torproject.org>"
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg: There is no indication that the signature belongs to the
> owner.
> Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329
> 8290
> Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C
> 2036
>
Hi,

please read https://blog.torproject.org/blog/tor-browser-404-released

Tor Browser is signed with a different key. You should get the new public key in order to verify the signatures.

gpg --recv-keys 'EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290'
--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
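The verification discussed in this thread, scripted so that the primary key fingerprint given in the reply decides the result instead of the human-readable "Good signature" line (an added example, not part of the original messages). It reads the machine-readable lines that `gpg --status-fd` emits; the function names are hypothetical and the sample status text is constructed from the values in the quoted output.

```shell
#!/bin/sh
# Added example. Pin: the primary key fingerprint quoted in the thread.
EXPECTED_PRIMARY='EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290'

# Constructed sample of `gpg --status-fd 1 --verify` output for the quoted run.
# TRUST_UNDEFINED is the machine form of the "not certified" warning.
SAMPLE_STATUS='[GNUPG:] VALIDSIG 5242013F02AFC851B1C736B87017ADCEF65C2036 2015-02-25 1424850895 0 4 0 1 8 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
[GNUPG:] TRUST_UNDEFINED 0 pgp'

# Strip spaces and upper-case so both fingerprint spellings compare equal.
norm_fpr() {
    printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F'
}

# Print the primary key fingerprint of every VALIDSIG line on stdin.
# Field 3 is the key that made the signature (here a subkey); field 12,
# when present, is the primary key it belongs to.
validsig_primary() {
    awk '$1 == "[GNUPG:]" && $2 == "VALIDSIG" { print (NF >= 12 ? $12 : $3) }'
}

# check_status PINNED_FPR < status-output
# Returns 0 only if there is at least one VALIDSIG, every VALIDSIG chains
# to the pinned primary key, and gpg reported no bad/expired/revoked state.
check_status() {
    want=$(norm_fpr "$1")
    status=$(cat)
    if printf '%s\n' "$status" |
        grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|KEYREVOKED)( |$)'; then
        return 1
    fi
    got=$(printf '%s\n' "$status" | validsig_primary)
    [ -n "$got" ] || return 1
    for fpr in $got; do
        [ "$fpr" = "$want" ] || return 1
    done
    return 0
}

# Real use, after fetching the key as in the reply:
#   gpg --status-fd 1 --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc \
#       2>/dev/null | check_status "$EXPECTED_PRIMARY" && echo "pinned key OK"
```

The trust warning does not fail this check: it reflects the local web of trust, while the pin compares against a fingerprint obtained from the announcement.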