[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #20422 [Applications/Tor Browser]: Tor Browser builds are broken due to failing pycrypto signature check

Subject: Re: [tor-bugs] #20422 [Applications/Tor Browser]: Tor Browser builds are broken due to failing pycrypto signature check
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 21 Oct 2016 10:44:22 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Oct 2016 06:44:33 -0400
In-reply-to: <042.860f31a624be924b474232c7b2ce4e8a@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.860f31a624be924b474232c7b2ce4e8a@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#20422: Tor Browser builds are broken due to failing pycrypto signature check
--------------------------------------+--------------------------
 Reporter:  gk                        |          Owner:  tbb-team
     Type:  defect                    |         Status:  new
 Priority:  Medium                    |      Milestone:
Component:  Applications/Tor Browser  |        Version:
 Severity:  Normal                    |     Resolution:
 Keywords:  tbb-gitian                |  Actual Points:
Parent ID:                            |         Points:
 Reviewer:                            |        Sponsor:
--------------------------------------+--------------------------

Comment (by boklm):

 I think to fix this we can:
 * email the pycrypto author to ask if they have an updated key
 * check the checksum of the file instead of its gpg signature
 * check for EXPSIG in addition to GOODSIG in the gpg status output, to
 allow signatures from expired keys. This will however apply to all
 packages. If we do this we should also clean all the keyring files we use
 to remove obsolete expired keys to make sure they cannot be used.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20422#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #20422 [- Select a component]: Tor Browser builds are broken due to failing pycrypto signature check
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #20347 [Applications/Tor Browser]: Put "custom" option on security slider?
Next by Author: Re: [tor-bugs] #19024 [Core Tor/Tor]: prop224: Refactor rend_data_t so be able to use multiple HS version
Previous by thread: Re: [tor-bugs] #20422 [Applications/Tor Browser]: Tor Browser builds are broken due to failing pycrypto signature check
Next by thread: Re: [tor-bugs] #20422 [Applications/Tor Browser]: Tor Browser builds are broken due to failing pycrypto signature check
Index(es):
- Author
- Thread