Re: [Tails-dev] Updated signing key - lack of notice on d/l …

Delete this message

Reply to this message
Author: kytv
Date:  
To: tails-dev
Subject: Re: [Tails-dev] Updated signing key - lack of notice on d/l page for 1.7
On Sat, Nov 07, 2015 at 09:23:40AM +0000, Anonymous wrote:
> on your TAILS download page it mentions:
>
> "Tails transitioned to a new signing key in Tails 1.3.1."
>
> But it fails to mention the new updated signing key for 1.7.
> I verified the 1.7 ISO with an older version of TAILS and
> followed this by importing the 1.7 signing key and it too
> verified the 1.7 ISO.
>
> But, you should post somewhere about the new 1.7 signing key
> and recommend the download of it just in case for some
> users. TIA


I believe you are mistaken. If there was a new signing key it would definitely
have been mentioned. There isn't a new signing key for 1.7.

╰$ gpg --verify tails-i386-1.7.iso.sig tails-i386-1.7.iso
gpg: Signature made 2015-11-03T03:29:43 UTC
gpg:                using RSA key 0x98FEC6BC752A3DB6  ←
gpg: Good signature from "Tails developers (offline long-term identity key) <tails@???>"
gpg:                 aka "Tails developers <tails@???>"



╰$ gpg -k 0x98FEC6BC752A3DB6
pub   4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]
uid                            Tails developers (offline long-term identity key) <tails@???>
uid                            Tails developers <tails@???>
sub   4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11] ←
sub   4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]
sub   4096R/0xAA9E014656987A65 2015-01-18 [expires: 2016-01-11]


That is the key which was transitioned to for 1.3.1.
(https://tails.boum.org/news/signing_key_transition/index.en.html)

Or am I missing something?