#20391: Invalid Nick Mathewson key in Tor Wiki ----------------------------------------+----------------- Reporter: tmpname0901 | Owner: Type: defect | Status: new Priority: Medium | Milestone: Component: Internal Services/Wiki | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | ----------------------------------------+----------------- Page https://www.torproject.org/docs/signing-keys.html.en shows Nick Mathewson's old PGP key, not the current one. It is the current key that is used to sign the Tor source tarballs.
See here: http://www.wangafu.net/~nickm/key-transition-statement-2.txt.asc Also, since the Wiki page will be edited, it would be nice if instruction on using the Tor public key were on the page. When verifying the tarball I get this: $ gpg --verify tor-0.2.8.9.tar.gz.asc gpg: Signature made Mon 17 Oct 2016 08:16:09 PM UTC using RSA key ID 8D29319A gpg: Can't check signature: public key not found gpg: Signature made Mon 17 Oct 2016 08:16:09 PM UTC using RSA key ID 9E92B601 gpg: Good signature from "Nick Mathewson <ni...@alum.mit.edu>" gpg: aka "Nick Mathewson <ni...@wangafu.net>" gpg: aka "Nick Mathewson <ni...@torproject.org>" gpg: aka "Nick Mathewson <ni...@freehaven.net>" gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. Primary key fingerprint: 2133 BC60 0AB1 33E1 D826 D173 FE43 009C 4607 B1FB Subkey fingerprint: 7A02 B352 1DC7 5C54 2BA0 1545 6AFE E6D4 9E92 B601 Note the "Can't check signature: public key not found" above. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20391> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs