Transition smoothly away from Erinn's signing key for the coming releases
We should find a good transition away from Erinn's signing key. There are already different proposals on the table with different kinds of efforts involved:
- Move on to a different key of one of the Tor people.
- Move away from single points of failure and use the sha256sums verification we already describe on https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification
- Create a role key for signing the bundles to be not dependent on single people available signing the release.