Vidalia Bundles have bad signatures
All the Vidalia bundles still have a broken signature.
gpg --verify vidalia-bridge-bundle-0.2.3.25-0.2.21.exe.asc vidalia-bridge-bundle-0.2.3.25-0.2.21.exe gpg: Signature made Mon 03 Dec 2012 07:41:14 PM CET using RSA key ID 63FEE659 gpg: BAD signature from "Erinn Clark erinn@torproject.org"
(same for exit/relay bundles)