[Pkg-anonymity-tools] Bug#756194: Bug#756194: Bug#756194: should verify 3 signatures are correct
Holger Levsen
holger at layer-acht.org
Sun Aug 3 09:52:41 UTC 2014
Hi Micah and *,
cc:ing the people who are doing those signings, as they should be able to
chime a light on this question:
On Sonntag, 3. August 2014, Micah Lee wrote:
> Are you sure that the releases always have 3 signatures? My worry would
> be that maybe one of the devs isn't available and they do a release with
> only 2 signatures, and Tor Browser Launcher users won't be able to update.
my worry is that is easier to 0wn one gpg key than two or three.
So what's the recommend approach here, how many signatures will *always* be on
a tbb release?
cheers,
Holger
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 828 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/attachments/20140803/0fcd140f/attachment.sig>
More information about the Pkg-anonymity-tools
mailing list