On Sat, Nov 07, 2015 at 09:23:40AM +0000, Anonymous wrote:
> on your TAILS download page it mentions:
>
> "Tails transitioned to a new signing key in Tails 1.3.1."
>
> But it fails to mention the new updated signing key for 1.7.
> I verified the 1.7 ISO with an older version of TAILS and
> followed this by importing the 1.7 signing key and it too
> verified the 1.7 ISO.
>
> But, you should post somewhere about the new 1.7 signing key
> and recommend the download of it just in case for some
> users. TIA
I believe you are mistaken. If there was a new signing key it would definitely
have been mentioned. There isn't a new signing key for 1.7.
╰$ gpg --verify tails-i386-1.7.iso.sig tails-i386-1.7.iso
gpg: Signature made 2015-11-03T03:29:43 UTC
gpg: using RSA key 0x98FEC6BC752A3DB6 ←
gpg: Good signature from "Tails developers (offline long-term identity key) <tails@???>"
gpg: aka "Tails developers <tails@???>"
╰$ gpg -k 0x98FEC6BC752A3DB6
pub 4096R/0xDBB802B258ACD84F 2015-01-18 [expires: 2017-01-11]
uid Tails developers (offline long-term identity key) <tails@???>
uid Tails developers <tails@???>
sub 4096R/0x98FEC6BC752A3DB6 2015-01-18 [expires: 2017-01-11] ←
sub 4096R/0x3C83DCB52F699C56 2015-01-18 [expires: 2017-01-11]
sub 4096R/0xAA9E014656987A65 2015-01-18 [expires: 2016-01-11]
That is the key which was transitioned to for 1.3.1.
(
https://tails.boum.org/news/signing_key_transition/index.en.html)
Or am I missing something?