[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8286 [Tor bundles/installation]: Fetch software during TBB build process only over trusted HTTPS

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #8286 [Tor bundles/installation]: Fetch software during TBB build process only over trusted HTTPS
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 20 Feb 2013 02:18:35 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 19 Feb 2013 21:18:44 -0500
In-reply-to: <047.d3e20b77c10b7f957a08160b22611952@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.d3e20b77c10b7f957a08160b22611952@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#8286: Fetch software during TBB build process only over trusted HTTPS
--------------------------------------+-------------------------------------
 Reporter:  ioerror                   |          Owner:  erinn
     Type:  enhancement               |         Status:  new  
 Priority:  major                     |      Milestone:       
Component:  Tor bundles/installation  |        Version:       
 Keywords:                            |         Parent:  #8288
   Points:                            |   Actualpoints:       
--------------------------------------+-------------------------------------

Comment(by ioerror):

 Replying to [comment:2 arma]:
 > In theory, if we do #8283, this ticket isn't so needed from the security
 side? But it is still useful from the resilience side?

 This is likely to be completed first as it is literally just a swap out of
 urls - no program flow really needs to change. Even if it was still using
 the wget without cert checking, we'd _still_ be better off, I think.
 Certainly because our HTTPS mirror will be up but also because it will be
 faster and we can then add the wget change. See the attached patches.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8286#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #8286 [Tor bundles/installation]: Fetch software during TBB build process only over trusted HTTPS
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #8286 [Tor bundles/installation]: Fetch software during TBB build process only over trusted HTTPS
Next by Author: Re: [tor-bugs] #8283 [Tor bundles/installation]: track hashes for all TBB dep source files
Previous by thread: Re: [tor-bugs] #8286 [Tor bundles/installation]: Fetch software during TBB build process only over trusted HTTPS
Next by thread: Re: [tor-bugs] #8286 [Tor bundles/installation]: Fetch software during TBB build process only over trusted HTTPS
Index(es):
- Author
- Thread