[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TBB update using offline/ downloaded tarball?

> This will upgrade the Linux x64 version from 4.5.3 to 5.0. To apply:
> $ cd /path/to/tor-stuff
> $ rm -rf outside.old; mv outside outside.old; mkdir outside
> $ cp [.mar file] outside/update.mar
> $ cd [tor-browser directory]
> $ cp updater ../../outside
> $ ../../outside/updater ../../outside . .

You left out the part about verifying PGP signatures (!).

You're excused this time because the MAR format allows for (possibly
multiple) signatures and Tor developers do sign their MAR releases.  I
also expect the Tor Browser to fail tightly in case of unsigned/invalid
MAR files.  But for those that already decided what degree of trust to
put where, and are going the manual route anyway, checking a PGP
signature ex ante is in order.

See:  https://www.torproject.org/docs/verifying-signatures.html.en#MARVerification
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to