Improve verifying signatures instructions
The instructions on verifying signatures at https://support.torproject.org/tbb/how-to-verify-signature/ should be clearer and more concise.
A frontdesk email reads:
"In order to verify the integrity of the Tor browser installation file, you recommend downloading GPG4win, but then your instructions for Windows say to use a command line command that is not included with that package, and there are no instructions on how to use the GUI to verify the package (or which GUI to use, since there are at least two included in GPG4win).
Trying to import the asc file into Kleopatra or the GNU Privacy Assistant results in a message saying that 0 certificates were imported, or no keys were found.
What's more, there is a confusing reference to the " Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290)". Is this the key I'm supposed to be using for verification? This doesn't appear to be a PGP public key.
There's also a statement that suggests that the PGP public key file is automatically downloaded with the installation package, but it's not. "Each file on our download page is accompanied by a file with the same name as the package and the extension ".asc"." The download page does not show file names, and using the download link on the download page only downloads the exe file."