Update or deprecate verifying-signatures.html.en
The documentation for verifying signatures located here - https://2019.www.torproject.org/docs/verifying-signatures.html.en has not been updated to reflect the process required since the key was poisoned. The docs here - https://support.torproject.org/#how-to-verify-signature have been.
Specifically the process for importing the key needs to be -
gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser@torproject.org
gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
and verifying the key -
gpg --fingerprint EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
Alternatively the page should be a link to the currently accurate documentation.
Trac:
Username: shrike