[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #9864 [- Select a component]: Make it easier for users to do file verification

Subject: [tor-bugs] #9864 [- Select a component]: Make it easier for users to do file verification
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Tue, 01 Oct 2013 20:01:34 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 01 Oct 2013 16:01:45 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9864: Make it easier for users to do file verification
-------------------------------------------------+-------------------------
 Reporter:  mttp                                 |          Owner:  Sherief
     Type:  project                              |         Status:  new
 Priority:  normal                               |      Milestone:
Component:  - Select a component                 |        Version:
 Keywords:  usability, firefox, GPG, signatures  |  Actual Points:
Parent ID:                                       |         Points:
-------------------------------------------------+-------------------------
 Verifying the contents of the Tor Browser Bundle seems to be one of the
 most confusing things that we ask users to do. The help desk often gets
 requests from users seeking guidance on verifying bundles.

 The website documentation on file signature verification we have can be
 found at https://www.torproject.org/docs/verifying-signatures.html.en.
 Multiple users have reported that these inctructions are confusing. I
 don't think this entirely the fault of the page's author.

 There are several issues here to consider:

 1) On the file verification page we tell Windows users to download Gpg4win
 so they can download the bundles. Unfortunately there's no verification
 tool for gpg4win.

 2) The signature verification page will be out-of-date once TBB 3 becomes
 stable. Verifying TBB 3 requires users to verify a signed text file of
 sha256sums, and then take the sha256sum of the package and see if it
 matches what's in the signed text file. Currently there is no way to take
 the sha256sum of anything on Windows unles you compile a program to do it
 yourself or download and run an unverified .exe file from any number of
 http-only websites that show up on a google search.

 3) Command line interface is intimidating for many people. There are no
 instructions on our website for using GUI GnuPG frontends.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9864>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #9864 [- Select a component]: Make it easier for users to do file verification
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #9864 [Tor bundles/installation]: Make it easier for users to do file verification
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #9864 [Tor bundles/installation]: Make it easier for users to do file verification
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #9864 [Tor bundles/installation]: Make it easier for users to do file verification
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #9862 [Tor]: Tor hangs if you ask it to open too many ORPorts
Next by Author: Re: [tor-bugs] #9864 [- Select a component]: Make it easier for users to do file verification
Previous by thread: Re: [tor-bugs] #9863 [Pluggable transport]: Move websocket-transport to its own repo
Next by thread: Re: [tor-bugs] #9864 [- Select a component]: Make it easier for users to do file verification
Index(es):
- Author
- Thread