[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Problem about verify signatures



Nam Su <namfree123@xxxxxxxxx> wrote:

> When I tried to verify signatures with GPA, gpg frontend, it was failed.
> I download Tor packages in torproject.org https version.
> 
> Strangely, when I tried to verify with GPG command line, it was success. 

Using gpg directly seems to be the recommended way:
https://www.torproject.org/docs/verifying-signatures.html.en

> Is it tor's asc file problem? Or is it GPA bug so should I report this
> problem to GPA project? My feeling is like headache.

Without knowing the error message you got from GPA it's impossible
to tell what's going on and reporting any problem to the GPA project
is probably premature.

I'm not familiar with GPA but as long as gpg itself confirms that
the signature is valid and the gpg binary came from a trustworthy
source, I wouldn't worry about the GPA issue unless the error message
explicitly tells you that the signature is invalid and not just that
it can't be verified (for example due to missing the public key).

Fabian

Attachment: signature.asc
Description: PGP signature

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk