[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5689 [Tor bundles/installation]: tor-browser-2.2.35-9_en-US.exe infected?



#5689: tor-browser-2.2.35-9_en-US.exe infected?
-----------------------------------------+----------------------------------
    Reporter:  taylorkh                  |       Owner:  erinn                        
        Type:  defect                    |      Status:  reopened                     
    Priority:  critical                  |   Milestone:  TorBrowserBundle 2.2.x-stable
   Component:  Tor bundles/installation  |     Version:                               
  Resolution:                            |    Keywords:                               
      Parent:                            |      Points:                               
Actualpoints:                            |  
-----------------------------------------+----------------------------------

Comment(by Sebastian):

 Replying to [comment:8 mikeperry]:
 > Did we get a reason from them? Also, it's just F-Secure that updated,
 right? That doesn't make this fixed. The reporter also mentioned
 bitdefender, and commenters mentioned mccaffee.

 No, we didn't get a reason. This is fixed, I checked on virustotal and it
 comes up entirely clean for all scanners they test.


 > Also, has anyone tried scanning a bundle built on a different, fresh
 machine?

 Yes, I tried that on the very first day, and that bundle came out clean
 (so much for reproducible builds)

 > Also, why don't we keep fresh build images or snapshots at the very
 least? If #3688 is out of reach, we should at least be reverting to known
 clean snapshots before each build.

 I have no idea how the build machine setup works. Reverting to snapshots
 is silly when we need to keep track of security updates of dependencies,
 which happens way too frequently.


 Please close this if you're satisfied now, and open a new bug for build-
 machine related things

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5689#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs