[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] TBB Gentoo ebuild



On Sun, 2012-08-12 at 15:11 -0400, Mansour Moufid wrote:
> Portage offers no authentication and no confidentiality.

Each file has a SHA-256, SHA-512 and Whirlpool hash associated. This
hashes are in Portage, and if you're a security-aware user (as most of
Gentoo users are) you can get it in a secure way, which means
PGP-signed.

Take a look at the handbook:
http://www.gentoo.org/doc/en/handbook/2008.0/handbook-x86.xml?part=2&chap=3#doc_chap6

Confidentiality is not required, because currently we distribute TBB
patches with portage, so you get them along with all the other Portage
updates as all the Gentoo users. The rest looks like a normal Firefox
installation. The Tor client is fetched through HTTPS.

Ale

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev