[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #20209 [Applications/Tor Browser]: Torbrowser 6.5a3 packages now signed with sha1, not sha512
#20209: Torbrowser 6.5a3 packages now signed with sha1, not sha512
------------------------------------------+----------------------
Reporter: arma | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------------------+----------------------
{{{
$ gpg -v torbrowser-install-6.0.5_en-US.exe.asc
gpg: assuming signed data in `torbrowser-install-6.0.5_en-US.exe'
gpg: Signature made Fri 16 Sep 2016 07:53:01 AM EDT
gpg: using RSA key 2E1AC68ED40814E0
gpg: using subkey 2E1AC68ED40814E0 instead of primary key 4E2C6E8793298290
gpg: using PGP trust model
gpg: Good signature from "Tor Browser Developers (signing key)
<torbrowser@xxxxxxxxxxxxxx>"
gpg: binary signature, digest algorithm SHA512
}}}
compared to
{{{
$ gpg -v torbrowser-install-6.5a3_en-US.exe.asc
gpg: armor header: Version: GnuPG v1
gpg: assuming signed data in `torbrowser-install-6.5a3_en-US.exe'
gpg: Signature made Tue 20 Sep 2016 11:10:10 AM EDT
gpg: using RSA key D1483FA6C3C07136
gpg: using subkey D1483FA6C3C07136 instead of primary key 4E2C6E8793298290
gpg: using PGP trust model
gpg: Good signature from "Tor Browser Developers (signing key)
<torbrowser@xxxxxxxxxxxxxx>"
gpg: binary signature, digest algorithm SHA1
}}}
What made us switch to SHA1 for the latest alpha build? Is this some bug
in our release process?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20209>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs