[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5147 [Tor bundles/installation]: wrong/no signatures on FC packages



#5147: wrong/no signatures on FC packages
-----------------------------------------+----------------------------------
    Reporter:  qbi                       |       Owner:  erinn           
        Type:  defect                    |      Status:  reopened        
    Priority:  major                     |   Milestone:                  
   Component:  Tor bundles/installation  |     Version:  Tor: unspecified
  Resolution:                            |    Keywords:                  
      Parent:                            |      Points:                  
Actualpoints:                            |  
-----------------------------------------+----------------------------------
Changes (by marlowe):

 * cc: marlowe@â (added)


Comment:

 The sucker steps forward. ;)

 We don't need to post the .asc files.  rpm performs the signature check
 internally.  The user imports the GPG key of the package signer into their
 rpmdb.  Through this mechanism, they can verify the rpm hasn't changed
 since we signed it.  The particular use case might be users who prefer to
 install the rpm directly as opposed to through yum.

 I think we can close the ticket.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5147#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs