[tor-bugs] #6011 [Company]: Write up proposal outline for build security

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Thu May 31 16:55:57 UTC 2012


#6011: Write up proposal outline for build security
-----------------------------+----------------------------------------------
 Reporter:  mikeperry        |          Owner:  mikeperry
     Type:  project          |         Status:  new      
 Priority:  major            |      Milestone:           
Component:  Company          |        Version:           
 Keywords:  MikePerry201206  |         Parent:           
   Points:                   |   Actualpoints:           
-----------------------------+----------------------------------------------
 #3688 is probably just the start of getting our build security where it
 needs to be, and even that may require a lot of baby steps before the
 solution is realized.

 Once that's done, we should create a build and update deployment process
 that is akin to the Tor dirauth consensus process: N independent machines
 creating identical builds and detached signatures, and the build only gets
 published if all manage to agree.

 It will also be a lot of work even to get to a manual version of this
 process. We should figure out how to break the plan into more baby steps
 and write funding proposal(s) for them.

 The ultimate goal should be to get full funding to deploy our autoupdater
 with this multi-key validation process so that other organizations can use
 it. That will require even more funding and work.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6011>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
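
An added sketch (not part of the ticket and not Tor Project code) of the publish gate the ticket describes: every builder reports a digest plus a detached signature, and the release is published only if all of them verify and agree. The builder names, keys and report format are assumptions, and HMAC-SHA256 stands in for a real detached signature scheme so the example runs with the standard library alone.

```python
import hashlib
import hmac

def sign(key: bytes, digest: str) -> str:
    # Assumption: HMAC-SHA256 is a stand-in for a detached public-key signature.
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def builder_report(name: str, key: bytes, artifact: bytes) -> dict:
    # What one independent build machine would submit (hypothetical format).
    digest = hashlib.sha256(artifact).hexdigest()
    return {"builder": name, "sha256": digest, "sig": sign(key, digest)}

def release_decision(reports, builder_keys):
    """Return (publish, detail). Publish only on unanimous, verified agreement."""
    seen = {}
    for r in reports:
        key = builder_keys.get(r["builder"])
        if key is None:
            return False, "unknown builder " + r["builder"]
        if r["builder"] in seen:
            return False, "duplicate report from " + r["builder"]
        if not hmac.compare_digest(sign(key, r["sha256"]), r["sig"]):
            return False, "bad signature from " + r["builder"]
        seen[r["builder"]] = r["sha256"]
    missing = sorted(set(builder_keys) - set(seen))
    if missing:  # a silent builder blocks the release, it does not count as a yes
        return False, "missing reports: " + ", ".join(missing)
    digests = set(seen.values())
    if len(digests) != 1:
        return False, "builders disagree on digest"
    return True, digests.pop()

# Constructed sample data: three builders, one clean and one altered artifact.
KEYS = {"builder-a": b"key-a", "builder-b": b"key-b", "builder-c": b"key-c"}
GOOD = b"constructed release bytes"
ALTERED = b"constructed release bytes with an extra payload"

def demo():
    agree = [builder_report(n, k, GOOD) for n, k in KEYS.items()]
    split = agree[:2] + [builder_report("builder-c", KEYS["builder-c"], ALTERED)]
    forged = [dict(agree[0]), dict(agree[1], sig="00" * 32), dict(agree[2])]
    return [release_decision(x, KEYS) for x in (agree, split, agree[:2], forged)]

if __name__ == "__main__":
    for result in demo():
        print(result)
```
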

