Ask HN: Is the Tor Browser Developers GPG Key Attacked or Compromised?
1 comments
Probably related to this:
https://nakedsecurity.sophos.com/2019/07/05/openpgp-experts-...
https://www.zdnet.com/article/openpgp-flooded-with-spam-by-u...
I'm sure I read in that last day or two about software updates to mitigate against this, but I can't find anything now.
There is a 2 day old release of GnuPG available - which isn't described on their release notes page (yet?):
https://gnupg.org/download/index.html
https://nakedsecurity.sophos.com/2019/07/05/openpgp-experts-...
https://www.zdnet.com/article/openpgp-flooded-with-spam-by-u...
I'm sure I read in that last day or two about software updates to mitigate against this, but I can't find anything now.
There is a 2 day old release of GnuPG available - which isn't described on their release notes page (yet?):
https://gnupg.org/download/index.html
> https://keys.gnupg.net/pks/lookup?op=get&search=0x4E2C6E8793298290
> https://pool.sks-keyservers.net/pks/lookup?search=0x4E2C6E8793298290&fingerprint=on&op=index
Surely this can't be right. In fact, I'm worried about even trying to import them into GPG. Has someone vandalized or otherwise broken the signing keys?