[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TBB update mechanism



Hans Vader:
> Dear TOR people,
> 
> I have a question regarding the updating mechanism of tor browser from
> within the browser.
> These updates are signed I stronly suppose. I would like to know, does
> checking these signatures depend on external programs like gpg? Is the
> signature verification application for updates part of the browser
> bundle itself?

For updates we essentially use the Firefox updater and, yes, we are
signing the update files.

Firefox and thus Tor Browser comes with its own means to check the
signature[1], there is no external tool required. For more information
about the Firefox update process and the .mar files, which are the
update files the Tor Browser build process produces, see the Mozilla
wiki[2] as a starting point.

Georg

[1] https://wiki.mozilla.org/Software_Update:MAR_Signing_and_Verification
[2] https://wiki.mozilla.org/Software_Update

Attachment: signature.asc
Description: OpenPGP digital signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk