[tor-bugs] #10002 [Website]: Decide how to handle TBB 3.0beta download links and signature instructions
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Oct 21 21:51:24 UTC 2013
#10002: Decide how to handle TBB 3.0beta download links and signature instructions
-----------------------+---------------------------
Reporter: mikeperry | Owner: mikeperry
Type: task | Status: new
Priority: normal | Milestone:
Component: Website | Version:
Keywords: | Actual Points:
Parent ID: | Points:
-----------------------+---------------------------
TBB 3.0beta1 is pretty much ready. We should start hosting download links
on https://www.torproject.org/projects/torbrowser.html.en, and figure out
how to handle the signature verification problem.
Because of the new single sha256sums.txt file and multiple detached
signatures, the validation process is now more involved. Windows users
have to either use a powershell scriptlet to verify sha256
(https://blogs.msdn.com/b/mwilbur/archive/2007/03/14/get-
sha256.aspx?Redirected=true) or download hashdeep
(http://md5deep.sourceforge.net/hashdeep.html). We'll then have to either
explain how to download and rename one of the sigs, or make one of them
the default .asc and explain how to verify the others if they like.
Other alternatives include getting a real code signing cert for Windows
(since I bet roughly nobody downloads the sigs anyway) or getting funding
to turn torbrowser-launcher into a proper stub installer that works on all
platforms:
https://github.com/micahflee/torbrowser-launcher/issues/33
https://github.com/micahflee/torbrowser-launcher/issues/34
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10002>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list