On Thu, 8 May 2014 22:23:20 +0000 (UTC)
outerdark@??? wrote:
> This is ridiculous. Is the TOR website set up with an NSA backdoor
> too? Im afraid to use the tool that has always sheltered me in my
> fear of eavesdropping. I have downloaded 15 ISO or Torrent versions
> in two days and each one had a forged signature according to PGP. Can
> you send me a guaranteed clean copy so I can catch up on all I need
> to do that has been hindered since upgrading due to every copy coming
> up bad forged signature. I just enrolled to be a tester. I hope the
> test versions are transmitted using methods to thwart MITM.
> Best Regards
> JD
>
It worked here.
$ gpg --verify tails-i386-1.0.iso.sig tails-i386-1.0.iso
gpg: Signature made Sun 27 Apr 2014 08:02:35 PM UTC
gpg: using RSA key 1202821CBE2CD9C1
gpg: Good signature from "Tails developers (signing key) <tails@???>"
gpg: aka "T(A)ILS developers (signing key) <amnesia@???>
$ sha256sum -b tails-i386-1.0.iso
199877e17f69157c48000a513b2b5daeb1b0ef551d36b8456a522006fd66fd8e *tails-i386-1.0.iso
If you really downloaded it all those times, and the downloads
completed, and it *still* failed to verify each time, perhaps it
wouldn't be a bad idea to check your RAM for problems because the ISOs
are fine.