#22637: Find a more maintainable approach for the signing-keys page ----------------------------------+----------------- Reporter: arma | Owner: Type: defect | Status: new Priority: Medium | Milestone: Component: Webpages/Website | Version: Severity: Normal | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | ----------------------------------+----------------- Right now we have this page: https://www.torproject.org/docs/signing-keys which is supposed to provide an official set of keys that have signed various Tor packages in the past.
We pointed to it from https://www.torproject.org/docs/verifying-signatures among other places. But people keep generating new subkeys, so the text on that page goes out of date after a month or so. We should come up with a better way to distribute these keys, in a way that provides good enough authenticity while being easy to automate. Maybe that's a script that gets run every so often to generate the page automatically? Maybe that's creating a gpg keyring with the right keys on it, and getting rid of the webpage? We can think of this as part of the grand website redo, but also we can think of it as a bitesized improvement that needs to be made and can be independent of the grand website redo. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/22637> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs