[57north-discuss] Verifying a Tails download

Iain R. Learmonth irl at fsfe.org
Fri Apr 11 13:57:03 UTC 2014

Previous message: [57north-discuss] Fwd: Re: Servers up for grabs until Friday
Next message: [57north-discuss] [sjb.walker at gmail.com: [bitfolk] Scanning for "heartbleed" vulnerability]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Sup,

I wanted to download Tails, but needed to verify that no one had messed with
the download between the Tails project and my laptop to insert malware,
spyware or other badware.

Tails sign the releases with GPG but again, I needed to know that no one had
messed with the GPG key.

The Tails release key has been signed by a few people on the Debian keyring,
and I've got trust links to the Debian keyring, so I was able to verify the
key sort of.

I discovered the following trust paths:

 0* E9846C49  Iain R. Learmonth <irl.at.fsfe.org> #12418 signs
 1* D1C646D1  Andreas Tille <tille.at.debian.org> #634 signs
 2  D21739E9  Daniel Kahn Gillmor <dkg.at.fifthhorseman.net> #319 signs
 3  2861A790  Micah Anderson <micah.at.riseup.net> #573 signs
 4  BE2CD9C1  Tails developers (signing key) <tails at boum.org>
 
 0* E9846C49  Iain R. Learmonth <irl.at.fsfe.org> #12418 signs
 1* C020EED1  Steffen Moeller <steffen_moeller.at.gmx.de> #7358 signs
 2* C09FD35A  Andreas Tille <tille.at.debian.org> #71 signs
 3  1880283C  Anibal Monsalve Salazar <anibal.at.debian.org> #31 signs
 4  2861A790  Micah Anderson <micah.at.riseup.net> #573 signs
 5  BE2CD9C1  Tails developers (signing key) <tails at boum.org>
 
 0* E9846C49  Iain R. Learmonth <irl.at.fsfe.org> #12418 signs
 1* A344A01E  Tony Travis <tony.travis.at.minke-informatics.co.uk> #22029 signs
 2  9A0C52FA  Laszlo Kajan <lkajan.at.debian.org> #4903 signs
 3  028756FF  Julian Taylor (strong debian key) <jtaylor.debian.at.googlemail.com> #1210 signs
 4  D49AE731  Christoph Egger <christoph.egger.at.gmx.de> #252 signs
 5  2861A790  Micah Anderson <micah.at.riseup.net> #573 signs
 6  BE2CD9C1  Tails developers (signing key) <tails at boum.org>

The asterisks are against people I have met afk.

I can say with some certainty, as a result, that the fingerprint of the
Tails signing key is:

  0D24 B36A A9A2 A651 7878  7645 1202 821C BE2C D9C1

Of course, I'm not going to guarantee that that's correct. I've made a
best-effort attempt to verify the key. There is also a small, but nonzero,
chance that the NSA may spontaneously appear in your home and assasinate you
for having read this email. I'd rather you didn't hold me responsible for
that either.

Iain.

-- 
urn:x-human:Iain R. Learmonth
http://iain.learmonth.me/
mailto:irl at fsfe.org
xmpp:irl at jabber.fsfe.org
tel:+447875886930

GPG Fingerprint: 1F72 607C 5FF2 CCD5 3F01 600D 56FF 9EA4 E984 6C49
Please verify out-of-band before trusting with sensitive information.

[[[ To any GCHQ or other security service agents reading my email: ]]]
[[[ Please consider if any professional body code of conduct to    ]]]
[[[ which you subscribe requires you to follow Snowden's example.  ]]]
[[[ Your professional membership, chartered or incorporated status ]]]
[[[ may be at risk.                                                ]]]

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.57north.co/pipermail/57north-discuss/attachments/20140411/4962d3ff/attachment.sig>

Previous message: [57north-discuss] Fwd: Re: Servers up for grabs until Friday
Next message: [57north-discuss] [sjb.walker at gmail.com: [bitfolk] Scanning for "heartbleed" vulnerability]
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the 57north-discuss mailing list