[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #26536 [Applications/Tor Browser]: Create APK signing keys
#26536: Create APK signing keys
--------------------------------------+-----------------------------------
Reporter: sysrqb | Owner: tbb-team
Type: task | Status: needs_information
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile | Actual Points:
Parent ID: #26531 | Points:
Reviewer: | Sponsor:
--------------------------------------+-----------------------------------
Comment (by sysrqb):
Replying to [comment:2 gk]:
> What's the story in case the key gets compromised/lost and needs to get
replaced?
Total sadness.
>How is that handled? (I am in particular interested in the impact for
updates)
Basically, we would generate a new key, and existing users would not be
able to install the next update because the signing key would be
different. As a result, we would have two options. 1) release a new
version of the app signed with the new key, but first an existing user
would need to uninstall the old version of the app before they can install
the new version. 2) release a new version of the app using a different
name (org.torproject.torbrowser2, or something like that). If we use a
different name, then the user can have both versions installed at the same
time and they can manually copy any bookmarks from one app to the other.
We might want to create a plan for how we inform users about this
situation and what they should do.
{{{
If you lose access to your app signing key or your key is compromised,
Google cannot retrieve the app signing key for you, and you will not
be able to release new versions of your app to users as updates to the
original app.
}}}
https://developer.android.com/studio/publish/app-signing#self-manage
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26536#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs