[tor-bugs] #8286 [Tor bundles/installation]: Fetch software during TBB build process only over trusted HTTPS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Feb 20 02:18:35 UTC 2013
#8286: Fetch software during TBB build process only over trusted HTTPS
--------------------------------------+-------------------------------------
Reporter: ioerror | Owner: erinn
Type: enhancement | Status: new
Priority: major | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent: #8288
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by ioerror):
Replying to [comment:2 arma]:
> In theory, if we do #8283, this ticket isn't so needed from the security
side? But it is still useful from the resilience side?
This is likely to be completed first as it is literally just a swap out of
urls - no program flow really needs to change. Even if it was still using
the wget without cert checking, we'd _still_ be better off, I think.
Certainly because our HTTPS mirror will be up but also because it will be
faster and we can then add the wget change. See the attached patches.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8286#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list