[Pkg-anonymity-tools] Bug#756194: should verify 3 signatures are correct
Holger Levsen
holger at layer-acht.org
Sun Jul 27 11:34:07 UTC 2014
package: torbrowser-launcher
tags: upstream
Hi,
again about this when starting the launcher:
Running task: verify
Verifying signature
gpg: Signature made Thu Jul 24 10:45:33 2014 CEST using RSA key ID 0E3A92E4
gpg: Good signature from "Mike Perry (Regular use key)
<mikeperry at torproject.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: C963 C21D 6356 4E2B 10BB 335B 2984 6B3C 6836 86CC
Subkey fingerprint: D734 B622 C7B5 D164 D665 0CB8 717F 1F13 0E3A 92E4
Running task: extract
tbb downloads are signed by 3 signatures always, all three of them should be
checked and if there are not 3 valid signatures (or an invalid one), it should
fail and warn loudly.
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/attachments/20140727/e7332382/attachment.sig>
More information about the Pkg-anonymity-tools
mailing list