As reported in a bug report, when downloading an ISO signature from
Tails, the browser proposes to open it using "Decrypt File" instead of
"Verify Signature".
See
https://tails.boum.org/todo/fix_signature_verification_from_Iceweasel/.
In Tails 0.18, with Squeeze, /etc/mime.types has:
application/pgp-encrypted
application/pgp-keys key
application/pgp-signature pgp
On my machine, with Wheeze, it has:
application/pgp-encrypted pgp
application/pgp-keys key
application/pgp-signature sig
At the time we named the signature file *.pgp I guess boum.org was on
Squeeze. Maybe now it's on Wheezy and the MIME association changed.
It's now returning application/pgp-encrypted, see:
$ curl --verbose
https://tails.boum.org/torrents/files/tails-i386-0.19.torrent.pgp
[...]
< Content-Type: application/pgp-encrypted
On my local webserver under Wheezy, downloading
tails-i386-0.19.torrent.pgp proposes "Decrypt File" but downloading the
same file renamed as tails-i386-0.19.torrent.sig proposes "Verify
Signature".
Seems like it's time to rename our signature files as .sig.
But since all that depends on the webserver providing the file, it might
also differ on different mirrors. Would we prefer to serve the signature
always from boum.org?