[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #30280 [Applications/Tor Browser]: Wrong SHA-256 sum for j2objc-annotations-1.1.jar

To: undisclosed-recipients: ;
Subject: Re: [tor-bugs] #30280 [Applications/Tor Browser]: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Wed, 24 Apr 2019 20:37:11 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 24 Apr 2019 16:37:24 -0400
In-reply-to: <042.bc67a33d38a14cd3d1ba2a36c4dbaf62@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <042.bc67a33d38a14cd3d1ba2a36c4dbaf62@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#30280: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
-------------------------------------------------+-------------------------
 Reporter:  gk                                   |          Owner:  tbb-
                                                 |  team
     Type:  defect                               |         Status:  new
 Priority:  High                                 |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-mobile, tbb-rbm,                 |  Actual Points:
  TorBrowserTeam201904                           |
Parent ID:                                       |         Points:
 Reviewer:                                       |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by gk):

 Replying to [comment:2 sisbell]:
 > If we look at maven central, we see the later 2017 version
 >
 > http://central.maven.org/maven2/com/google/j2objc/j2objc-annotations/1.1
 >
 > If we go to ibiblio, we see the earlier 2016 version
 > http://maven.ibiblio.org/maven2/com/google/j2objc/j2objc-
 annotations/1.1/
 >
 > So it does look like bintray pulled from ibiblio and then later from
 maven central. We don't have any assurances bintray wouldn't switch back
 at some point.
 >
 > My suggestion at this point, is to dump all uses of bintray. There is
 nothing stopping someone from overriding artifacts, using this as a back
 door. We can point all references directly to maven central and then to
 ibiblio in the (unlikely) situation that central doesn't host the
 artifact.

 Works for me. Could you come up with a patch for that?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/30280#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #30280 [Applications/Tor Browser]: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #30127 [Webpages/Website]: Learn more link for circuit display is broken
Next by Author: Re: [tor-bugs] #29279 [Obfuscation/Obfsproxy]: Reach out to NGOs to test obfs4 reachability
Previous by thread: Re: [tor-bugs] #30280 [Applications/Tor Browser]: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
Next by thread: Re: [tor-bugs] #30280 [Applications/Tor Browser]: Wrong SHA-256 sum for j2objc-annotations-1.1.jar
Index(es):
- Author
- Thread