Nam Su <namfree123@xxxxxxxxx> wrote: > When I tried to verify signatures with GPA, gpg frontend, it was failed. > I download Tor packages in torproject.org https version. > > Strangely, when I tried to verify with GPG command line, it was success. Using gpg directly seems to be the recommended way: https://www.torproject.org/docs/verifying-signatures.html.en > Is it tor's asc file problem? Or is it GPA bug so should I report this > problem to GPA project? My feeling is like headache. Without knowing the error message you got from GPA it's impossible to tell what's going on and reporting any problem to the GPA project is probably premature. I'm not familiar with GPA but as long as gpg itself confirms that the signature is valid and the gpg binary came from a trustworthy source, I wouldn't worry about the GPA issue unless the error message explicitly tells you that the signature is invalid and not just that it can't be verified (for example due to missing the public key). Fabian
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ tor-talk mailing list tor-talk@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk