[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor Project infrastructure updates in response to security breach

> You're right. I was considering addons.mozilla.org as the canonical
> source of the xpi, but still, that can be owned too. In fact, I just
> got a message from them informing me that they modified my torbutton
> 1.2.3 xpi to prevent it from being listed as compatible with FF3.6. So
> they see fit to randomly modify the xpis too. Wonder what would happen
> if I did have a code signing cert..

Wow, that sounds quite scary. Ok, probably it's no big deal for any
addon that is not security-centric, but it's still not nice to
arbitrarily modify someone else's code.

> I've posted the gpg sigs for 1.2.2, 1.2.3 and 1.2.4 at:
> https://www.torproject.org/torbutton/releases/

Thanks! I love the Tor community for always keeping up with expectations.

To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/