[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Absence of digital signature of TBB sources

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Absence of digital signature of TBB sources
From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
Date: Wed, 4 Apr 2012 18:18:20 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 04 Apr 2012 12:18:37 -0400
In-reply-to: <20120404123434.GF8191@xxxxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4F7C0D90.6040900@xxxxxxxxx> <CABqy+srWgyUMcGyyoj3-U4GZHLmC38SzGz7SmMoJPMKNZ9Bp+g@xxxxxxxxxxxxxx> <20120404123434.GF8191@xxxxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Apr 4, 2012, at 2:34 PM, andrew@xxxxxxxxxxxxx wrote:

> On Wed, Apr 04, 2012 at 10:44:10AM +0000, rransom.8774@xxxxxxxxx wrote 0.7K bytes in 20 lines about:
> : The official TBBs are built from the sources in Git, not from the
> : tarballs.  There probably shouldn't be any release tarballs for TBB
> : source code.
> 
> But anyone should be able to build TBB from the source tarball. At least,
> this is how I used to build everything way back in the day when I built
> all of the packages.
> 
> I didn't use the source repo. I tagged a release, built a source tarball,
> and then built the packages from the tarball. This way our builds were
> official, but at least others could build their own packages the same
> way we did.

In theory the (signed, of course) tags in a git repo can fulfil the same
purpose. That's probably the model we should aim for here.

I'll poke Erinn again about the existing tarball's signatures, tho
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Absence of digital signature of TBB sources
  - From: James Brown

References:
- [tor-talk] Absence of digital signature of TBB sources
  - From: James Brown
- Re: [tor-talk] Absence of digital signature of TBB sources
  - From: Robert Ransom
- Re: [tor-talk] Absence of digital signature of TBB sources
  - From: andrew

Prev by Author: Re: [tor-talk] Tor 0.2.3.14-alpha is out
Next by Author: [tor-talk] 4G/LTE
Previous by thread: Re: [tor-talk] Absence of digital signature of TBB sources
Next by thread: Re: [tor-talk] Absence of digital signature of TBB sources
Index(es):
- Author
- Thread