[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-project] Expanding our people page
- To: tor-project@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-project] Expanding our people page
- From: Felipe Dau <dau@xxxxxxxxxx>
- Date: Fri, 14 Jul 2017 03:53:35 +0000
- In-reply-to: <CAJdkzEN2NL-uG__3KpAEvgwbsyY8fGeuNo+179=TWokvF29WdA@mail.gmail.com>
- List-id: "Moderated discussion list for tor contributors." <tor-project.lists.torproject.org>
- References: <CAJdkzEOicSqDHpuzioNcy6bWk5h_rL0-2mzSQ0=0_GT1UdRrSw@mail.gmail.com> <CAJdkzEN2NL-uG__3KpAEvgwbsyY8fGeuNo+179=TWokvF29WdA@mail.gmail.com>
- Reply-to: tor-project@xxxxxxxxxxxxxxxxxxxx
- Sender: "tor-project" <tor-project-bounces@xxxxxxxxxxxxxxxxxxxx>
On Thu, Jul 13, 2017 at 11:00:01AM -0700, Damian Johnson wrote:
> Hi everyone! If you haven't already please check your pgp key on...
>
> https://www.torproject.org/about/corepeople_alternate.html.en
>
> The one I initially pulled from the MIT keyserver for Roger turned out
> to be a fake. For folks who sent me an attachment with their public
> key I used that, but for everybody else I simply snagged what I could
> find. Feel free to shoot me a copy of your public key if you want to
> be extra sure it's right.
Maybe not too related to this, but it would be great if a similar work
was done to the "Verify package signatures" [0] and "Signing keys" [1]
pages. Making some integration to db.torproject.org may be too much
work, but just reviewing those and using long key ids would be nice.
Among the short key ids in [1] is Roger's and that makes it easy for
people to get the fake one by distraction.
P.S. Great work on the people page, Damian!
Thanks,
-Felipe
[0]: https://www.torproject.org/docs/verifying-signatures.html.en
[1]: https://www.torproject.org/docs/signing-keys.html.en
_______________________________________________
tor-project mailing list
tor-project@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-project