[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-relays] Tor download signatures
OK, perhaps I have missed "the how" and "which" somewhere, but which
signature am I supposed to verify the new Tor 0.2.5.3 tarball against? I
tried the ones mentioned on Tor signing page and none seem to stick. A
typical message is:
# gpg --verify tor-0.2.5.3-alpha.tar.gz{.asc,}
gpg: Signature made Sun 23 Mar 2014 02:40:49 AM UTC using RSA key ID
8D29319A
gpg: Good signature from "Nick Mathewson <nickm@xxxxxxxxxxxx>"
gpg: aka "Nick Mathewson <nickm@xxxxxxxxxxx>"
gpg: aka "Nick Mathewson <nickm@xxxxxxxxxxxxx>"
gpg: aka "[jpeg image of size 3369]"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
owner.
Primary key fingerprint: B35B F85B F194 89D0 4E28 C33C 2119 4EBB 1657 33EA
Subkey fingerprint: EF00 F369 1387 FCC5 8CD6 8E13 9103 97D8 8D29 319A
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays