[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TBB update using offline/ downloaded tarball?

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] TBB update using offline/ downloaded tarball?
From: Cain Ungothep <ungocain@xxxxxxxxxx>
Date: Fri, 21 Aug 2015 06:14:54 +0200
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 21 Aug 2015 00:22:45 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail; t=1440130495; bh=Zz02eyktGH4ZU26mCbsaEKDh6OPXEdZ5W9rij4AjIr0=; h=From:To:Subject:Date; b=QffuemYNMDyJX/OFTdb8ljwwXmyi7EAeSCk77GCiJgIHCfDDiOc77nkPqgs32n/nv 5LMx3Ujfe6/tX2Gq4sITtCs1eRqXl0lcfYivO6Q1o9Ks5Um7ubLcF79WRxFz3zpFPO M6Vpgi9t8M4A8ioy28npH2z44fMRdikS4Gs+k0SU=
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

> This will upgrade the Linux x64 version from 4.5.3 to 5.0. To apply:
> 
> $ cd /path/to/tor-stuff
> $ rm -rf outside.old; mv outside outside.old; mkdir outside
> $ cp [.mar file] outside/update.mar
> $ cd [tor-browser directory]
> $ cp updater ../../outside
> $ ../../outside/updater ../../outside . .

You left out the part about verifying PGP signatures (!).

You're excused this time because the MAR format allows for (possibly
multiple) signatures and Tor developers do sign their MAR releases.  I
also expect the Tor Browser to fail tightly in case of unsigned/invalid
MAR files.  But for those that already decided what degree of trust to
put where, and are going the manual route anyway, checking a PGP
signature ex ante is in order.

See:  https://www.torproject.org/docs/verifying-signatures.html.en#MARVerification
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Prev by Author: Re: [tor-talk] TBB 5 and Firefox Reader
Next by Author: Re: [tor-talk] Request: Firefox extension/addon checking tutorial
Previous by thread: Re: [tor-talk] TBB update using offline/ downloaded tarball?
Next by thread: [tor-talk] Latest update fails to carry NoScript whitelist forward.
Index(es):
- Author
- Thread