[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] Absence of digital signature of TBB sources
On Thu, Apr 5, 2012 at 23:39, James Brown <jbrownfirst@xxxxxxxxx> wrote:
> And how can I check signatures of the git tags?
You need to clone the repository, since git signatures sign SHA-1
hashes of DAG nodes , which need to be traversed until tree root
for verification. This is also an answer to Andrew's question above:
git tags are not better than signed source tarballs for users who only
need to compile the source.
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
tor-talk mailing list