Follow

Does someone know why, of all apt repository keys, the one used to sign Tor packages is not available on GPG keyservers (anymore)? Feels sketchy af.

@raucao The keyservers are broken by design. And this was demonstrated in practice by recent attaks.

The Tor project key was one of the ones that got flooded.

Some context: https://lwn.net/Articles/792366/
Sign in to participate in the conversation
kosmos.social

A friendly place for tooting. Run by the Kosmos open-source co-operative.