SHA-1 is weak: Use better hash to generate signatures
Please upgrade the signatures on the web page https://www.torproject.org/download/download-easy.html.en
The current package signatures use SHA-1. Other open source project are also in process of upgrading to stronger hashes.
http://www.debian-administration.org/users/dkg/weblog/48 https://www.apache.org/dev/openpgp.html#sha1
Trac:
Username: mkral