[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #5689 [Tor bundles/installation]: tor-browser-2.2.35-9_en-US.exe infected?
#5689: tor-browser-2.2.35-9_en-US.exe infected?
-----------------------------------------+----------------------------------
Reporter: taylorkh | Owner: erinn
Type: defect | Status: reopened
Priority: critical | Milestone: TorBrowserBundle 2.2.x-stable
Component: Tor bundles/installation | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
-----------------------------------------+----------------------------------
Comment(by Sebastian):
Replying to [comment:8 mikeperry]:
> Did we get a reason from them? Also, it's just F-Secure that updated,
right? That doesn't make this fixed. The reporter also mentioned
bitdefender, and commenters mentioned mccaffee.
No, we didn't get a reason. This is fixed, I checked on virustotal and it
comes up entirely clean for all scanners they test.
> Also, has anyone tried scanning a bundle built on a different, fresh
machine?
Yes, I tried that on the very first day, and that bundle came out clean
(so much for reproducible builds)
> Also, why don't we keep fresh build images or snapshots at the very
least? If #3688 is out of reach, we should at least be reverting to known
clean snapshots before each build.
I have no idea how the build machine setup works. Reverting to snapshots
is silly when we need to keep track of security updates of dependencies,
which happens way too frequently.
Please close this if you're satisfied now, and open a new bug for build-
machine related things
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5689#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs