[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20422 [Applications/Tor Browser]: Tor Browser builds are broken due to failing pycrypto signature check
#20422: Tor Browser builds are broken due to failing pycrypto signature check
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-gitian | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by boklm):
I think to fix this we can:
* email the pycrypto author to ask if they have an updated key
* check the checksum of the file instead of its gpg signature
* check for EXPSIG in addition to GOODSIG in the gpg status output, to
allow signatures from expired keys. This will however apply to all
packages. If we do this we should also clean all the keyring files we use
to remove obsolete expired keys to make sure they cannot be used.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20422#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs