[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #22637 [Webpages/Website]: Find a more maintainable approach for the signing-keys page

Subject: [tor-bugs] #22637 [Webpages/Website]: Find a more maintainable approach for the signing-keys page
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 16 Jun 2017 17:07:50 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 16 Jun 2017 13:07:58 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#22637: Find a more maintainable approach for the signing-keys page
----------------------------------+-----------------
     Reporter:  arma              |      Owner:
         Type:  defect            |     Status:  new
     Priority:  Medium            |  Milestone:
    Component:  Webpages/Website  |    Version:
     Severity:  Normal            |   Keywords:
Actual Points:                    |  Parent ID:
       Points:                    |   Reviewer:
      Sponsor:                    |
----------------------------------+-----------------
 Right now we have this page:
 https://www.torproject.org/docs/signing-keys
 which is supposed to provide an official set of keys that have signed
 various Tor packages in the past.

 We pointed to it from
 https://www.torproject.org/docs/verifying-signatures
 among other places.

 But people keep generating new subkeys, so the text on that page goes out
 of date after a month or so.

 We should come up with a better way to distribute these keys, in a way
 that provides good enough authenticity while being easy to automate.

 Maybe that's a script that gets run every so often to generate the page
 automatically? Maybe that's creating a gpg keyring with the right keys on
 it, and getting rid of the webpage?

 We can think of this as part of the grand website redo, but also we can
 think of it as a bitesized improvement that needs to be made and can be
 independent of the grand website redo.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22637>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #22637 [Webpages/Website]: Find a more maintainable approach for the signing-keys page
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #22453 [Core Tor/Tor]: We should rip out the bandwidth self-test
Next by Author: Re: [tor-bugs] #22485 [Applications/Tor Browser]: Add non-javascript versions of DuckDuckGo to Omnibox
Previous by thread: Re: [tor-bugs] #15272 [Core Tor/Tor]: Think of more research questions that we can answer with statistics
Next by thread: Re: [tor-bugs] #22637 [Webpages/Website]: Find a more maintainable approach for the signing-keys page
Index(es):
- Author
- Thread