On 02/26/2015 03:02 PM, andre76@xxxxxxxxxxx wrote: > Is there anything that's wrong about the gpg verification performed on > the version 4.0.4 as seen in the text below? > It's quite different from previous Tor versions. No Erinn Clark. > > > > $ gpg --verify tor-browser-linux32-4.0.4_en-US.tar.xz.asc > gpg: Signature made Wed 25 Feb 2015 02:54:55 AM EST using RSA key ID > F65C2036 > gpg: Good signature from "Tor Browser Developers (signing key) > <torbrowser@xxxxxxxxxxxxxx>" > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 > 8290 > Subkey fingerprint: 5242 013F 02AF C851 B1C7 36B8 7017 ADCE F65C > 2036 > Hi, please read https://blog.torproject.org/blog/tor-browser-404-released Tor Browser is signed with a different key. You should the new public key in order to verify the signatures. gpg --recv-keys 'EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290'
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk