#3379: GetTor reply omits GPG instructions
----------------------+-----------------------------------------------------
Reporter: rransom | Owner:
Type: defect | Status: new
Priority: critical | Milestone:
Component: GetTor | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Comment(by rransom):
Replying to [ticket:3379 rransom]:
>
{{{
The output should look somewhat like this:
gpg: Good signature from 'Roger Dingledine <[email protected]>'
}}}
The message contains Roger's user ID, even if the package attached to it
is signed by (for example) Erinn.
nickm suggests that the GetTor message not use the user ID of any real key
in its example, because then users will trust that user ID to sign the
package. I don't know what would be better, though; users who need to use
GetTor can't read [https://www.torproject.org/docs/verifying-signatures
our verifying-signatures page].
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3379#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
