[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor Project infrastructure updates in response to security breach

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Tor Project infrastructure updates in response to security breach
From: Sebastian Hahn <mail@xxxxxxxxxxxxxxxxx>
Date: Thu, 21 Jan 2010 06:28:08 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 21 Jan 2010 00:35:15 -0500
In-reply-to: <d2e731a11001202125j49ee6c9ag27c4005328b13f09@xxxxxxxxxxxxxx>
References: <20100120214344.GL25864@xxxxxxxxxxxxxx> <20100121041228.GD13840@xxxxxxxxxxxxxx> <20100121051432.GN25864@xxxxxxxxxxxxxx> <d2e731a11001202125j49ee6c9ag27c4005328b13f09@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx


On Jan 21, 2010, at 6:25 AM, grarpamp wrote:

As I wrote someone earlier...
It would be easier to just sign the git revision hashes at variousintervals.
Such as explicitly including the revision hash that each release is
made from in the release docs itself. And then signing that release.
That way everyone... git repo maintainers, devels, mirrors, users...
can all verify the git repo via that signature. Of course the sigkey materialneeds to be handled in a sanitary way, but still, it's the idea thatmatters.And git, not svn, would need to be the canonical repo committerscommit
to, etc.

This already happens. Clone the Tor repository, and you'll find asigned tag named tor-0.2.2.7-alpha.


Use "git tag -v tor-0.2.2.7-alpha" to check for yourself.

Sebastian
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

Follow-Ups:
- Re: Tor Project infrastructure updates in response to security breach
  - From: grarpamp

References:
- Tor Project infrastructure updates in response to security breach
  - From: Roger Dingledine
- Re: Tor Project infrastructure updates in response to security breach
  - From: Peter Thoenen
- Re: Tor Project infrastructure updates in response to security breach
  - From: Roger Dingledine
- Re: Tor Project infrastructure updates in response to security breach
  - From: grarpamp

Prev by Author: Re: TLS renegotiating error persists on FreeBSD 8.0 updated.
Next by Author: Trend Micro blocking Tor site?
Previous by thread: Re: Tor Project infrastructure updates in response to security breach
Next by thread: Re: Tor Project infrastructure updates in response to security breach
Index(es):
- Author
- Thread