[tor-bugs] #5147 [Tor bundles/installation]: wrong/no signatures on FC packages

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Tue Feb 28 12:43:37 UTC 2012


#5147: wrong/no signatures on FC packages
-----------------------------------------+----------------------------------
    Reporter:  qbi                       |       Owner:  erinn           
        Type:  defect                    |      Status:  reopened        
    Priority:  major                     |   Milestone:                  
   Component:  Tor bundles/installation  |     Version:  Tor: unspecified
  Resolution:                            |    Keywords:                  
      Parent:                            |      Points:                  
Actualpoints:                            |  
-----------------------------------------+----------------------------------
Changes (by marlowe):

 * cc: marlowe@… (added)


Comment:

 The sucker steps forward. ;)

 We don't need to post the .asc files.  rpm performs the signature check
 internally.  The user imports the GPG key of the package signer into their
 rpmdb.  Through this mechanism, they can verify the rpm hasn't changed
 since we signed it.  The particular use case might be users who prefer to
 install the rpm directly as opposed to through yum.

 I think we can close the ticket.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5147#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list