Hello,
The new download page [1] does not provide links to the signature files needed to check that the provided tor browser bundles have indeed been produced and/or approved by the tor browser team.
Such signatures are important for software in general, but it is especially worrying when they are lacking from an inherently privacy and security focused project like tor. In the end, I managed to find the signature file by appending `.asc` to the bundle URL, but others might not think of doing that, and besides, I feel like we should promote security best practices by encouraging people to check the signature.
While I'm at it, thank you all for your contributions to this critical piece of FOSS software.
[1] https://www.torproject.org/download/
-- mwnx GPG: AEC9 554B 07BD F60D 75A3 AF6A 44E8 E4D4 0312 C726