[tor-bugs] #8346 [Tor bundles/installation]: Vidalia Bundles have bad signatures
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Mar 20 03:41:42 UTC 2013
#8346: Vidalia Bundles have bad signatures
-----------------------------------------+----------------------------------
Reporter: mo | Owner: erinn
Type: defect | Status: reopened
Priority: blocker | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
-----------------------------------------+----------------------------------
Comment(by nickm):
As I understand it, it was a snafu/clusterfuck surrounding the
release/unrelease of a Tor containing the ill-fated and under-tested
OpenSSL 1.0.1d. I've suggested (if I recall correctly!) that the right
solution is to replace the signature file with a tor-...why_no_sig file
explaining what happened. My rationale was that removing the signature
without comment would be silly and leaving it there would be silly and
replacing it with a post hoc signature would be extremely silly.
Helix has (if I understand correctly) agreed that this would be a good and
easy idea.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8346#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list