11.0.7's sha256sums-unsigned-build.txt signed by surprising key
The good happy world:
$ wget --quiet https://dist.torproject.org/torbrowser/11.0.6/sha256sums-unsigned-build.txt.asc
$ wget --quiet https://dist.torproject.org/torbrowser/11.0.6/sha256sums-unsigned-build.txt
$ gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt
gpg: Signature made Tue 01 Mar 2022 08:19:59 AM EST
gpg: using RSA key E53D989A9E2D47BF
gpg: Good signature from "Tor Browser Developers (signing key) <torbrowser@torproject.org>" [full]
The sad new world:
$ wget --quiet https://dist.torproject.org/torbrowser/11.0.7/sha256sums-unsigned-build.txt.asc
$ wget --quiet https://dist.torproject.org/torbrowser/11.0.7/sha256sums-unsigned-build.txt
$ gpg --verify sha256sums-unsigned-build.txt.asc sha256sums-unsigned-build.txt
gpg: Signature made Sun 06 Mar 2022 04:53:52 AM EST
gpg: using RSA key 45482E536642433E829F7D021DDE30B764471014
gpg: Can't check signature: No public key
Looks like that second one is boklm's personal key?
Reported by a user on #tor.