[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #10002 [Website]: Decide how to handle TBB 3.0beta download links and signature instructions
#10002: Decide how to handle TBB 3.0beta download links and signature instructions
-----------------------+---------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-----------------------+---------------------------
TBB 3.0beta1 is pretty much ready. We should start hosting download links
on https://www.torproject.org/projects/torbrowser.html.en, and figure out
how to handle the signature verification problem.
Because of the new single sha256sums.txt file and multiple detached
signatures, the validation process is now more involved. Windows users
have to either use a powershell scriptlet to verify sha256
(https://blogs.msdn.com/b/mwilbur/archive/2007/03/14/get-
sha256.aspx?Redirected=true) or download hashdeep
(http://md5deep.sourceforge.net/hashdeep.html). We'll then have to either
explain how to download and rename one of the sigs, or make one of them
the default .asc and explain how to verify the others if they like.
Other alternatives include getting a real code signing cert for Windows
(since I bet roughly nobody downloads the sigs anyway) or getting funding
to turn torbrowser-launcher into a proper stub installer that works on all
platforms:
https://github.com/micahflee/torbrowser-launcher/issues/33
https://github.com/micahflee/torbrowser-launcher/issues/34
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10002>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs