Issue #40299 (Closed, moved)
Created Jun 14, 2021 by Roger Shimizu@rosh

Please extend PGP/GPG subkey for torbrowser@tpo (0x4E2C6E8793298290)

The PGP/GPG subkey for torbrowser@tpo (0x4E2C6E8793298290) already expired last Saturday, June 12. I also tried to refresh the key using a few well-known key servers and found that it has not been updated.

$ gpg --keyserver hkps://hkps.pool.sks-keyservers.net --keyserver-options self-sigs-only --refresh-keys 0x4E2C6E8793298290
gpg: refreshing 1 key from hkps://hkps.pool.sks-keyservers.net
gpg: key 0x4E2C6E8793298290: number of dropped non-self-signatures: 121456
gpg: pub  rsa4096/0x4E2C6E8793298290 2014-12-15  Tor Browser Developers (signing key) <torbrowser@torproject.org>
gpg: key 0x4E2C6E8793298290: 12 duplicate signatures removed
gpg: key 0x4E2C6E8793298290: 2 signatures reordered
gpg: key 0x4E2C6E8793298290/0x7017ADCEF65C2036: removed multiple subkey binding
gpg: key 0x4E2C6E8793298290/0x2E1AC68ED40814E0: removed multiple subkey binding
gpg: key 0x4E2C6E8793298290/0xEB774491D9FF06E2: removed multiple subkey binding
gpg: Note: signature key 0xD1483FA6C3C07136 expired Fri 24 Aug 2018 08:26:24 PM JST
gpg: Note: signature key 0xEB774491D9FF06E2 expired Sat 12 Jun 2021 11:35:23 AM JST
gpg: Note: signature key 0x2E1AC68ED40814E0 expired Fri 25 Aug 2017 08:26:30 PM JST
gpg: Note: signature key 0x7017ADCEF65C2036 expired Fri 25 Aug 2017 08:23:23 PM JST
gpg: Note: signature key 0x2D000988589839A3 has been revoked
gpg: key 0x4E2C6E8793298290: "Tor Browser Developers (signing key) <torbrowser@torproject.org>" not changed
gpg: Total number processed: 1
gpg:              unchanged: 1

So currently there's only a valid subkey for certification, but no valid subkey for signature:

$ gpg -k 0x4E2C6E8793298290
pub   rsa4096/0x4E2C6E8793298290 2014-12-15 [C] [expires: 2025-07-21]
      Key fingerprint = EF6E 286D DA85 EA2A 4BA7  DE68 4E2C 6E87 9329 8290
uid                   [ unknown] Tor Browser Developers (signing key) <torbrowser@torproject.org>

And there are quite a few issue reports of failures to get TBB installed:

  • https://github.com/micahflee/torbrowser-launcher/issues/562
  • https://github.com/micahflee/torbrowser-launcher/issues/563
  • https://github.com/micahflee/torbrowser-launcher/issues/564
  • https://github.com/micahflee/torbrowser-launcher/issues/565
  • https://github.com/micahflee/torbrowser-launcher/issues/566
  • https://github.com/micahflee/torbrowser-launcher/issues/567
  • https://github.com/micahflee/torbrowser-launcher/issues/569

I hope this key update can be fixed soon. Thank you!
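
A check that flags this situation before it breaks downstream verification, as an added example that is not part of the original issue: it parses `gpg --with-colons` key listings and reports whether any signing subkey is still valid at a given time. The sample listing is constructed (key IDs and expiry times are taken from the output above, creation times are assumed), and the function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed `gpg --with-colons --list-keys` records. Key IDs and expiry times
# come from the issue text; creation times (field 6) are assumed.
SAMPLE = """\
pub:-:4096:1:4E2C6E8793298290:1418601600:1753056000::-:::cC:
sub:e:4096:1:7017ADCEF65C2036:1418601600:1503660203:::::s:
sub:e:4096:1:D1483FA6C3C07136:1418601600:1535109984:::::s:
sub:r:4096:1:2D000988589839A3:1418601600::::::s:
sub:e:4096:1:EB774491D9FF06E2:1418601600:1623465323:::::s:
"""

def signing_subkeys(colons, now):
    """Return (keyid, status, expiry) for every signing-capable subkey."""
    result = []
    for line in colons.splitlines():
        f = line.split(":")
        # Field 1 = record type, field 12 = capabilities ("s" means signing).
        if f[0] != "sub" or len(f) < 12 or "s" not in f[11]:
            continue
        validity, keyid, expires = f[1], f[4], f[6]
        exp = datetime.fromtimestamp(int(expires), timezone.utc) if expires else None
        if validity == "r":
            status = "revoked"
        elif validity == "i":
            status = "invalid"
        # The "e" flag reflects the moment gpg ran, so expiry is recomputed
        # against `now` from the timestamp in field 7.
        elif exp is not None and exp <= now:
            status = "expired"
        else:
            status = "valid"
        result.append((keyid, status, exp))
    return result

def check(colons, now, warn_days=30):
    """Classify the key: ok, expiring-soon, or no-valid-signing-subkey."""
    valid = [exp for _, st, exp in signing_subkeys(colons, now) if st == "valid"]
    if not valid:
        return "no-valid-signing-subkey"
    if any(exp is None for exp in valid):
        return "ok"  # at least one signing subkey never expires
    remaining = max(valid) - now
    return "expiring-soon" if remaining <= timedelta(days=warn_days) else "ok"

if __name__ == "__main__":
    when = datetime(2021, 6, 14, tzinfo=timezone.utc)
    for keyid, status, exp in signing_subkeys(SAMPLE, when):
        print(keyid, status, exp)
    print(check(SAMPLE, when))
```

Run against the refreshed keyring on a schedule, the `expiring-soon` result gives maintainers and downstream packagers lead time before signature verification starts failing.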
