Merge #1332: Backport: Update gpg key documentation with Edouard key

7fe3598 Update gpg key documentation with Edouard key (edouardparis)

Pull request description:

ACKs for top commit:
  pythcoiner:
    ACK 7fe3598

Tree-SHA512: 503d197bad08977537f944a0fe513908f60e131a0f84e783c3788021c04b9726ecabc8a38c05c88c3014676b1077d435777177e8055fb41eccd32bc067ad2bfb

SECURITY.md

@@ -1,10 +1,9 @@
 # Security policy
 
 Please report any vulnerability or any bug that could potentially affect the security of users'
-funds by mail to [`antoine@wizardsardine.com`](mailto:antoine@wizardsardine.com).
+funds by mail to [`edouard@wizardsardine.com`](mailto:edouard@wizardsardine.com).
 
-You may use my GPG public key to encrypt your mail: `590B7292695AFFA5B672CBB2E13FC145CD3F4304`. You
+You may use Edouard GPG public key to encrypt your mail: `5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. You
 can get it from:
-- [`keys.openpg.org`](https://keys.openpgp.org/search?q=darosior%40protonmail.com): `gpg --keyserver hkps://keys.openpgp.org --receive 590B7292695AFFA5B672CBB2E13FC145CD3F4304`.
-- [My personal website](http://download.darosior.ninja/darosior.pub)
-- [Bitcoin Core's `guix.sigs` Github repository](https://github.com/bitcoin-core/guix.sigs/blob/main/builder-keys/darosior.gpg)
+- [`keys.openpg.org`](https://keys.openpgp.org/search?q=m%40edouard.paris): `gpg --keyserver hkps://keys.openpgp.org --receive 5B63F3B97699C7EEF3B040B19B7F629A53E77B83`.
+- [his personal website](https://edouard.paris/keys/5B63F3B97699C7EEF3B040B19B7F629A53E77B83)

doc/TRY.md

@@ -24,9 +24,9 @@ simulator](https://github.com/cryptoadvance/specter-diy/blob/master/docs/simulat
 Here is a list of the system dependencies: the tools and libraries you need to have installed on
 your system to follow the guide if you are running a Linux that isn't Debian- or Arch- based.
 
-- GUI requirements, see the link to projects below to search for the name of your distribution's packages.  
-    - [`fontconfig`](https://www.freedesktop.org/wiki/Software/fontconfig/) 
-    - [Libudev](https://www.freedesktop.org/software/systemd/man/libudev.html) 
+- GUI requirements, see the link to projects below to search for the name of your distribution's packages.
+    - [`fontconfig`](https://www.freedesktop.org/wiki/Software/fontconfig/)
+    - [Libudev](https://www.freedesktop.org/software/systemd/man/libudev.html)
 - Running binaries requires GLIBC >= 2.33 (Ubuntu >= 22.04 or Debian >= 12)
 
 We'll use basic tools which should already be present on your system, such as:
@@ -39,7 +39,7 @@ To verify binaries you will also need:
 ### Throwaway folder
 
 You can follow the guide from any folder of your choice. We recommend creating a new dedicated folder you
-can wipe easily after testing. 
+can wipe easily after testing.
 
 If you are using a Linux terminal:
 ```
@@ -57,7 +57,11 @@ running a too old glibc. In this case you may have to build from source. See the
 about this in the README](../README.md#a-note-on-linux-binaries-and-glibc-version).
 
 For every file available on the website, there is an accompanying `.asc` file with the same
-name on our [Github release page](https://github.com/wizardsardine/liana/releases). This is a GPG signature made with Antoine Poinsot's key:
+name on our [Github release page](https://github.com/wizardsardine/liana/releases).
+
+if Liana version is inferior to v7:
+
+This is a GPG signature made with Antoine Poinsot's key:
 `590B7292695AFFA5B672CBB2E13FC145CD3F4304`. This key is available elsewhere for cross-checking, such
 as on [his Twitter profile](https://twitter.com/darosior) or his [personal
 website](http://download.darosior.ninja/antoine_poinsot_0xE13FC145CD3F4304.txt). It is recommended
@@ -72,9 +76,29 @@ GPG should tell you the signature is valid for Antoine's key.
 If GPG told you that Antoine key has expired, you should refresh it.
 Example for Linux (replace the signature name with the one corresponding to your download):
 ```
-gpg --keyserver hkps://keys.openpgp.org --refresh-keys E13FC145CD3F4304      
+gpg --keyserver hkps://keys.openpgp.org --refresh-keys E13FC145CD3F4304
+```
+
+if Liana version is superior or equal to v7:
+
+This is a GPG signature made with Edouard Paris key:
+`5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. This key is available elsewhere for cross-checking, such
+as on  his [personal website](https://edouard.paris/keys/5B63F3B97699C7EEF3B040B19B7F629A53E77B83.asc).
+It is recommended you verify your download against this key.
+Example for Linux (replace the signature name with the one corresponding to your download):
+```
+gpg --keyserver hkps://keys.openpgp.org --receive 5B63F3B97699C7EEF3B040B19B7F629A53E77B83
+gpg --verify liana_7.0-1_amd64.deb.asc
+```
+GPG should tell you the signature is valid for Edouard's key.
+
+If GPG told you that Edouard key has expired, you should refresh it.
+Example for Linux (replace the signature name with the one corresponding to your download):
+```
+gpg --keyserver hkps://keys.openpgp.org --refresh-keys 5B63F3B97699C7EEF3B040B19B7F629A53E77B83
 ```
 
+
 If all is good, you can run Liana!
 
 At startup, you will have the choice between starting Liana using an existing configuration or to
@@ -125,7 +149,7 @@ my own configuration, but it depends on what you configured previously). Then yo
 
 Keep in mind that signet coins have no value!
 
-Signet is a network, so you can send coins to other people on signet, receive from them, etc. Feel free to explore Liana! 
+Signet is a network, so you can send coins to other people on signet, receive from them, etc. Feel free to explore Liana!
 
 
 ## Cleanup
@@ -149,7 +173,7 @@ rm -rf ~/.liana/signet
 ```
 
 
-## Tips & Tricks 
+## Tips & Tricks
 
 ### Simulating multiple wallets
 

doc/USAGE.md

@@ -10,13 +10,12 @@ The recommended installation method for regular users is to download [an executa
 from our website](https://wizardsardine.com/liana/). If you prefer to build the project from source,
 see [`BUILD.md`](BUILD.md) instead.
 
-We recommend you verify the software you downloaded against a PGP signature made by Antoine Poinsot
-using his key `590B7292695AFFA5B672CBB2E13FC145CD3F4304`. For now the PGP signatures for the
+We recommend you verify the software you downloaded against a PGP signature made by Edouard Paris
+using his key `5B63F3B97699C7EEF3B040B19B7F629A53E77B83`. For now the PGP signatures for the
 binaries downloaded on our website are only available on the [Github release
 page](https://github.com/wizardsardine/liana/releases). Find the `.asc` file in the list
-corresponding to the binary you downloaded. Antoine's key is available elsewhere for cross-checking,
-such as on [his Twitter profile](https://twitter.com/darosior) or [Bitcoin Core's like of builder
-keys](https://github.com/bitcoin-core/guix.sigs/blob/main/builder-keys/darosior.gpg).
+corresponding to the binary you downloaded. Edouard's key is available elsewhere for cross-checking,
+such as on [his personal website](https://edouard.paris).
 
 For Arch users, a `liana-bin` is also available at the [AUR](https://aur.archlinux.org/). You can
 install it using your favourite wrapper (eg `paru -S liana-bin` or `yay -S liana-bin`), or manually: