[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Absence of digital signature of TBB sources

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Absence of digital signature of TBB sources
From: Maxim Kammerer <mk@xxxxxx>
Date: Fri, 6 Apr 2012 00:22:53 +0300
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 05 Apr 2012 17:23:27 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dee.su; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type:content-transfer-encoding; bh=v9osQiHGbZ6ZBzrY/dS/hg/V0wG58qfwmovhjj6w2jU=; b=M5LVCTvKjvSTEpjLiaQJeNTjpsqnHnPTcMareZ9737llybujq2cx7IrE0qeQMKxgYK ewGjQAEaVHDjOOJirmQR30DvggbwboEPBg1OibQfr/gZw05dx0DGuNCqDYnA3liJVKDW w1YpYRTyQdo/FZsISWvUwwt0jsa1y8IIKuRKY=
In-reply-to: <4F7E030E.9080903@xxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "This mailing list is for all discussion about theory, design, and development of Onion Routing." <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <4F7C0D90.6040900@xxxxxxxxx> <CABqy+srWgyUMcGyyoj3-U4GZHLmC38SzGz7SmMoJPMKNZ9Bp+g@xxxxxxxxxxxxxx> <20120404191535.GF19657@xxxxxxxxxxxxxx> <4F7E030E.9080903@xxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx

On Thu, Apr 5, 2012 at 23:39, James Brown <jbrownfirst@xxxxxxxxx> wrote:
> And how can I check signatures of the git tags?

You need to clone the repository, since git signatures sign SHA-1
hashes of DAG nodes [1], which need to be traversed until tree root
for verification. This is also an answer to Andrew's question above:
git tags are not better than signed source tarballs for users who only
need to compile the source.

[1] http://eagain.net/articles/git-for-computer-scientists/

-- 
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] Absence of digital signature of TBB sources
  - From: James Brown
- Re: [tor-talk] Absence of digital signature of TBB sources
  - From: Robert Ransom
- Re: [tor-talk] Absence of digital signature of TBB sources
  - From: Erinn Clark
- Re: [tor-talk] Absence of digital signature of TBB sources
  - From: James Brown

Prev by Author: Re: [tor-talk] access sites
Next by Author: Re: [tor-talk] access sites
Previous by thread: Re: [tor-talk] Absence of digital signature of TBB sources
Next by thread: [tor-talk] websites
Index(es):
- Author
- Thread