[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #3379 [GetTor]: GetTor reply omits GPG instructions

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #3379 [GetTor]: GetTor reply omits GPG instructions
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 11 Jun 2011 01:48:15 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 10 Jun 2011 21:48:27 -0400
In-reply-to: <047.9786848227d8b14c1043251611fb3f81@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.9786848227d8b14c1043251611fb3f81@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#3379: GetTor reply omits GPG instructions
----------------------+-----------------------------------------------------
 Reporter:  rransom   |          Owner:     
     Type:  defect    |         Status:  new
 Priority:  critical  |      Milestone:     
Component:  GetTor    |        Version:     
 Keywords:            |         Parent:     
   Points:            |   Actualpoints:     
----------------------+-----------------------------------------------------

Comment(by rransom):

 Replying to [ticket:3379 rransom]:
 >
 {{{
 The output should look somewhat like this:

   gpg: Good signature from 'Roger Dingledine <arma@xxxxxxx>'
 }}}

 The message contains Roger's user ID, even if the package attached to it
 is signed by (for example) Erinn.

 nickm suggests that the GetTor message not use the user ID of any real key
 in its example, because then users will trust that user ID to sign the
 package.  I don't know what would be better, though; users who need to use
 GetTor can't read [https://www.torproject.org/docs/verifying-signatures
 our verifying-signatures page].

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3379#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

References:
- [tor-bugs] #3379 [GetTor]: GetTor reply omits GPG instructions
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #3380 [GetTor]: GetTor does not send signature for âsource-bundleâ
Next by Author: Re: [tor-bugs] #3374 [Torouter]: Torouter OS and configuration
Previous by thread: [tor-bugs] #3379 [GetTor]: GetTor reply omits GPG instructions
Next by thread: [tor-bugs] #3380 [GetTor]: GetTor does not send signature for âsource-bundleâ
Index(es):
- Author
- Thread