[tbb-bugs] #20422 [Applications/Tor Browser]: Tor Browser builds are broken due to failing pycrypto signature check
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 21 10:44:22 UTC 2016
#20422: Tor Browser builds are broken due to failing pycrypto signature check
--------------------------------------+--------------------------
Reporter: gk | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-gitian | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by boklm):
I think to fix this we can:
* email the pycrypto author to ask if they have an updated key
* check the checksum of the file instead of its gpg signature
* check for EXPSIG in addition to GOODSIG in the gpg status output, to
allow signatures from expired keys. This will however apply to all
packages. If we do this we should also clean all the keyring files we use
to remove obsolete expired keys to make sure they cannot be used.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20422#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list