[Pkg-privacy-maintainers] Packaging workflow onioncircuits

[intrigeri]

Ulrike Uhlig:
> Do we agree that this tarball has no signature?

It has no signature but FWIW it's in an APT repo so assuming one has
a trust path to the Tails APT repo's signing key, it's technically
feasible to verify the authenticity/integrity of this file (including
its version, which one can't do with detached tarball signatures).

I'm not saying it's easy nor fun, though :)

Cheers,
-- 
intrigeri