[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #18287 [Tor bundles/installation]: Use SHA-2 signature for Tor Browser setup executables

Subject: [tor-bugs] #18287 [Tor bundles/installation]: Use SHA-2 signature for Tor Browser setup executables
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 09 Feb 2016 10:11:51 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 09 Feb 2016 05:12:02 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18287: Use SHA-2 signature for Tor Browser setup executables
------------------------------------------+--------------------------
     Reporter:  gk                        |      Owner:  erinn
         Type:  enhancement               |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Tor bundles/installation  |    Version:
     Severity:  Normal                    |   Keywords:  tbb-security
Actual Points:                            |  Parent ID:
       Points:                            |    Sponsor:
------------------------------------------+--------------------------
 As tjr mentioned in #17870 we only use SHA-1 when signing our Windows
 setup executables and should switch to SHA-2 or, better, provide both
 SHA-1 for older systems and SHA-2 for newer ones. Mozilla tried to deal
 with it in https://bugzilla.mozilla.org/show_bug.cgi?id=1079858 which
 might be a good starting point for solving this bug.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18287>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #16990 [Tor Browser]: Circuit visualizer stops working after some time
Next by Author: Re: [tor-bugs] #17870 [Tor Browser]: Some Windows 10 users experience authenticode errors if Tor Browser is signed on Linux
Previous by thread: Re: [tor-bugs] #18286 [Tor]: tor 0.2.8.1-alpha-dev - dumping core on test, tor binary dumps core as well
Next by thread: [tor-bugs] #18288 [Tor bundles/installation]: Sign Tor Browser binaries on Windows (not just the setup executable)
Index(es):
- Author
- Thread