
[tor-dev] Fraudulent PGP key with my email address (CEE1590D)



Hello everyone,

I discovered that there is a key out there (CEE1590D) associated with my Tor
email address that is NOT me. I don't know who generated it, but I can think of
many nefarious or incompetent reasons why they might have done it.

This email is for two purposes:

1. To inform you that this is NOT MY KEY. Do not under any circumstances trust
anything that may have ever been signed or encrypted with this key. I looked
around and was unable to find anything, but nonetheless, it is out there and
that is creepy.

2. If anyone on any of these lists has encountered this key anywhere -- the
main fear being that it has been used to fraudulently sign packages of some
kind -- can you please let me/us know ASAP?

Tor Project official signatures are listed here: 
https://www.torproject.org/docs/signing-keys.html.en

Consider that the canonical source for all signatures! Be suspicious of
anything not listed there and let us know if you ever find anything.

Thanks,
The Real Erinn

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev