[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #5260 [Company]: Make ldap account for marlowe

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #5260 [Company]: Make ldap account for marlowe
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sun, 04 Mar 2012 20:11:25 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 04 Mar 2012 15:11:36 -0500
In-reply-to: <047.e03bb2a04f6680f75b5e1abb5cae3e8e@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.e03bb2a04f6680f75b5e1abb5cae3e8e@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5260: Make ldap account for marlowe
---------------------+------------------------------------------------------
 Reporter:  marlowe  |          Owner:  weasel
     Type:  task     |         Status:  new   
 Priority:  normal   |      Milestone:        
Component:  Company  |        Version:        
 Keywords:           |         Parent:        
   Points:           |   Actualpoints:        
---------------------+------------------------------------------------------

Comment(by mikeperry):

 marlowe: I've developed a magical ritual that should obviate the need to
 get your papers inspected and your orifices sniffed by concentric rings of
 unwashed beardos:

 1. Post a url here to something signed with your key (preferably wherever
 you are currently hosting your rpm prototypes).
 2. Verify your own signature yourself from two or more different tor
 circuits, to ensure you weren't MITM'd on your end.
 3. We'll perform the same verification on our side, to ensure we see the
 same key.

 All we really care about in terms of key authentication is that whoever is
 building rpms is the same person as who was volunteering to do so. We
 don't really care about your name or your government-issued ID. Or at
 least we shouldn't...

 However, for my own peace of mind, it would be nice if we could find some
 way to authenticate that the rpms you produce actually come directly from
 the git sources. Ie: someone else can take the .spec file, the sources
 from git, and the patch set and build an identical rpm on a clean VM with
 the same sha1sum. See #3688.

 I'm not sure how we can do this and also have signed rpms, though.. But
 maybe there is a way to strip the signature from an RPM and then take the
 sha1sum?

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5260#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #5028 [Ooni]: Tor bridge scanning
Next by Author: Re: [tor-bugs] #5260 [Company]: Make ldap account for marlowe
Previous by thread: Re: [tor-bugs] #5260 [Company]: Make ldap account for marlowe
Next by thread: Re: [tor-bugs] #5260 [Company]: Make ldap account for marlowe
Index(es):
- Author
- Thread