[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #13407 [Tor bundles/installation]: Transition smoothly away from Erinn's signing key for the coming releases



#13407: Transition smoothly away from Erinn's signing key for the coming releases
--------------------------------------+-----------------------
 Reporter:  gk                        |          Owner:  erinn
     Type:  task                      |         Status:  new
 Priority:  normal                    |      Milestone:
Component:  Tor bundles/installation  |        Version:
 Keywords:                            |  Actual Points:
Parent ID:                            |         Points:
--------------------------------------+-----------------------
 We should find a good transition away from Erinn's signing key. There are
 already different proposals on the table with different kinds of efforts
 involved:

 1) Move on to a different key of one of the Tor people.
 2) Move away from single points of failure and use the sha256sums
 verification we already describe on https://www.torproject.org/docs
 /verifying-signatures.html.en#BuildVerification
 3) Create a role key for signing the bundles to be not dependent on single
 people available signing the release.

 ...

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13407>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs