[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #11495 [Website]: Public Keys, Where Are They?: It Shouldn't Have To Be Asked.



#11495: Public Keys, Where Are They?: It Shouldn't Have To Be Asked.
-------------------------+---------------------
 Reporter:  cypherpunks  |          Owner:
     Type:  defect       |         Status:  new
 Priority:  normal       |      Milestone:
Component:  Website      |        Version:
 Keywords:               |  Actual Points:
Parent ID:               |         Points:
-------------------------+---------------------
 It is hella difficult to track down the keys used by devs to sign various
 packages, especially the betas and other random files.

 Obviously, keyserver? But no. Not all relevant keys seem to be on all the
 keyservers; for that matter, which keyserver/s ya got?

 Mike Perry has signed some betas recently and they don't seem to use his
 "regular use key" at torproject. That key is the only one at
 keys.gnupg.net that looks relevant. Additionally, who is this gk? I don't
 even care. But I want to have their key if it is being used for signing :/

 Anyway, it seems kind of pointless to offer .asc files that derive from
 pkeys that come from [?mystery?].

 Enough with the snark... my suggestion is that relevant pkeys be kept up
 to date, and published at
 http://idnxcnkne4qt76tg.onion/about/corepeople.html.<insert language here>

 Or that the relevant keyserver be published at that page. Or both, for
 redundancy.

 It might be meaningful to publish these only at the .onion version? Maybe
 that would be too much hassle.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11495>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs