GPG verification of NoScript XPI files
Posted: Wed Nov 19, 2014 5:25 am
Hi. As someone who's trained in the humanities, between Tor and Debian there appears to be a lot of trust placed in the GPG system. Verifying Tor with gpg seems reasonable, but updating a gpg verified TorBrowser with an XPI file unverified at the same level seems somewhat counterintuitive in terms of security. Is there a gpg detached signature available for verifying NoScript releases? I apologize if this question's been asked and answered here before, but unfortunately I couldn't locate any relevant posts.