[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Absence of digital signature of TBB sources

On 04.04.2012 16:18, Sebastian Hahn wrote:
> On Apr 4, 2012, at 2:34 PM, andrew@xxxxxxxxxxxxx wrote:
>> On Wed, Apr 04, 2012 at 10:44:10AM +0000, rransom.8774@xxxxxxxxx wrote 0.7K bytes in 20 lines about:
>> : The official TBBs are built from the sources in Git, not from the
>> : tarballs.  There probably shouldn't be any release tarballs for TBB
>> : source code.
>> But anyone should be able to build TBB from the source tarball. At least,
>> this is how I used to build everything way back in the day when I built
>> all of the packages.
>> I didn't use the source repo. I tagged a release, built a source tarball,
>> and then built the packages from the tarball. This way our builds were
>> official, but at least others could build their own packages the same
>> way we did.
> In theory the (signed, of course) tags in a git repo can fulfil the same
> purpose. That's probably the model we should aim for here.
> I'll poke Erinn again about the existing tarball's signatures, tho
> _______________________________________________

Thanks. it was effective now :)
There is a signature in his place now :)
P.S. Sorry for my idiotism I forgot the url-address of the main
repository of the Tor which is https://gitweb.torproject.org/ :) I tried
"http://deb.torproject.org/torproject.org"; from my sources.list but I
found there only deb-packages :)
If it possible could the team of the Torproject give the link to the
repos on the main page of the site? For such people as I which decided
to try themselves in compiling and devoloping etc. :)

tor-talk mailing list