
Re: [tor-bugs] #31988 [Applications/Tor Browser]: Generate a mar signing key for nightly builds



#31988: Generate a mar signing key for nightly builds
-------------------------------------------------+-------------------------
 Reporter:  boklm                                |          Owner:  boklm
     Type:  defect                               |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-rbm, boklm201910, tbb-update,    |  Actual Points:  1
  TorBrowserTeam202001R                          |
Parent ID:  #18867                               |         Points:  1
 Reviewer:  mcs                                  |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by mcs):

 Replying to [comment:10 boklm]:
 > I have been thinking about adding a password to the key, but then
 realized that we will be using this key to automatically sign new nightly
 builds, so the signing script will need to know the password and we would
 need to store the password in a file along with the key. This means that
 if an attacker is able to steal the key, they will also likely be able to
 steal the password with it. So it seems to me that having a password does
 not provide any additional protection, and not having one makes things a
 little more simple.

 What you said makes sense to me, so:
 r=mcs

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31988#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online