Bug #17524

Expert verification instructions no longer work due to expiry of Stefano Zacchiroli's key

Added by tailsverifier 2020-03-15 09:39:05 . Updated 2020-03-22 08:09:17 .

Target version:
Start date:
Due date:
% Done:


Feature Branch:
Type of work:
End-user documentation

Affected tool:
Deliverable for:


Stefano’s key 0x9C31503C6D866396 expired on 2020-02-07. Thus, when the instructions on https://tails.boum.org/install/expert/usb/index.en.html are followed, “gpg —keyid-format 0xlong —check-sigs A490D0F4D311A4153E2BB7CADBB802B258ACD84F” will not display the signature.

There are other Debian developers who have signed the key, so one of these could be used instead. Alternatively, Stefano could sign it with a new key. Whatever solution is chosen, the page will need to be updated.


Related issues

Is duplicate of Tails - Bug #17475: Stefano Zacchiroli's public key is expired since 2020-02-07 Duplicate
Blocks Tails - Feature #17247: Core work 2020Q1 → 2020Q2: Technical writing Confirmed


#1 Updated by intrigeri 2020-03-15 09:48:11

  • is duplicate of Bug #17475: Stefano Zacchiroli's public key is expired since 2020-02-07 added

#2 Updated by intrigeri 2020-03-15 09:48:20

  • Status changed from New to Duplicate

#3 Updated by sajolida 2020-03-18 18:34:30

  • blocks Feature #17247: Core work 2020Q1 → 2020Q2: Technical writing added

#4 Updated by sajolida 2020-03-18 18:34:44

It’s an important bug on an installation path so I think it qualifies as core work.

#5 Updated by sajolida 2020-03-18 18:57:34

  • Status changed from Duplicate to In Progress
  • Assignee set to sajolida
  • Priority changed from High to Elevated
  • Target version set to Tails_4.5

I asked Chris Lamb who’s key seems to have no expiry date in the Debian keyring from stable:

root@amnesia:~# gpg --keyring=/usr/share/keyrings/debian-keyring.gpg --list-keys lamby
pub   rsa4096 2009-07-12 [SC]
uid           [ unknown] Chris Lamb <chris@chris-lamb.co.uk>
uid           [ unknown] Chris Lamb <lamby@gnu.org>
uid           [ unknown] Chris Lamb <lamby@debian.org>
sub   rsa4096 2009-07-12 [E]

#6 Updated by sajolida 2020-03-21 21:12:44

  • Status changed from In Progress to Needs Validation
  • Assignee changed from sajolida to intrigeri

Here is a branch that replaces zack’s key with lamby’s key.

I’m sure @cbrownstein could review this but, since there’s no English involved and it’s more about trust and not fucking up voodoo GPG stuff, I thought that it might be better if a Release Manager or Foundations Team member did it.

#7 Updated by intrigeri 2020-03-22 07:46:29

  • Feature Branch set to doc/17524-replace-zacc

#8 Updated by intrigeri 2020-03-22 08:09:17

  • Status changed from Needs Validation to Resolved
  • % Done changed from 0 to 100

Applied in changeset commit:tails|46af91aceef60d97b822e4c253e441d3f3b016d3.