[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #15864 [Tor Browser]: Differentiate between build and release sha256sums.txt



#15864: Differentiate between build and release sha256sums.txt
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:  tbb-team
  mikeperry              |     Status:  new
         Type:  defect   |  Milestone:
     Priority:  normal   |    Version:
    Component:  Tor      |   Keywords:  tbb-4.5-regression,
  Browser                |  TorBrowserTeam201505, tbb-usability
   Resolution:           |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------

Comment (by proper):

 Deprecation of sha256sums files is bad. Breaks Tor Browser downloaders
 such as torbrowser-launcher and worsens security.

 sha256sum files helped to authenticate filenames... Because...

 GPG signatures do not authenticate filenames: #2340

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/15864#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs