Hi Everyone, (moving this email from the support-team ML to tor-dev as Runa suggested.) I am starting to work on a small GUI tool for file verification because I find guiding users through the verification process on Windows/Mac through the command line painful. Tools in use: - Python 3.3 or 2.7 (still didn't decide yet). - PyQT - python-gnupg-0.3.5 I might also add a log window and a save log button to see what went wrong during the verification process. Attached is a draft design of how the tool would look like. On Mon, Sep 23, 2013 at 7:12 PM, Lunar <lunar@torproject.org> wrote:
How do you think users will be able to install such a tool on their system?
There won't be any installation required It's a single executable.
More importantly, how will they be able to ensure that it's not a tampered version?
I've thought about that and few things came to mind: - Include the executable inside TBB. - Host it somewhere and also provide a SHA-256 hash on a website or in a file. But this is all an endless chain because lets say I download TBB, then download gpg to verify it but then how do I make sure that gpg it self wasn't tampered with? (assuming I don't have it installed already.) Any help or suggestions would be much appreciated. Thanks. -- Sherief Alaa pgp 0x8623B882
