[tor-bugs] #2340 [Tor bundles/installation]: GPG signatures do not authenticate filenames
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Wed Mar 16 21:23:29 UTC 2011
#2340: GPG signatures do not authenticate filenames
--------------------------------------+-------------------------------------
Reporter: rransom | Owner: rransom
Type: defect | Status: assigned
Priority: critical | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent:
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Changes (by rransom):
* status: needs_review => assigned
Comment:
The Go standard library now contains an `openpgp` package which may be
sufficient to write a verification tool for signature files produced by
`make-signature.sh`. We would still need to work out how the verification
tool would manage keys and make trust decisions.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2340#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list