[tbb-bugs] #31988 [Applications/Tor Browser]: Generate a mar signing key for nightly builds
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jan 30 15:16:15 UTC 2020
#31988: Generate a mar signing key for nightly builds
-------------------------------------------------+-------------------------
Reporter: boklm | Owner: boklm
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-rbm, boklm201910, tbb-update, | Actual Points: 1
TorBrowserTeam202001R |
Parent ID: #18867 | Points: 1
Reviewer: mcs | Sponsor:
-------------------------------------------------+-------------------------
Comment (by mcs):
Replying to [comment:10 boklm]:
> I have been thinking about adding a password to the key, but then
realized that we will using this key to sign automatically new nightly
builds, so the signing script will need to know the password and we would
need to store the password in a file along with the key. This means that
if an attacker is able to steal the key, they will also likely be able to
steal the password with it. So it seems to me that having a password does
not provide any additional protection, and not having one make things a
little more simple.
What you said makes sense to me, so:
r=mcs
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31988#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list