[tor-bugs] #13407 [Tor bundles/installation]: Transition smoothly away from Erinn's signing key for the coming releases
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Oct 15 13:39:02 UTC 2014
#13407: Transition smoothly away from Erinn's signing key for the coming releases
------------------------------------------+--------------------------------
Reporter: gk | Owner: erinn
Type: task | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Resolution: | Keywords: security,
Actual Points: | usability
Points: | Parent ID:
------------------------------------------+--------------------------------
Comment (by gk):
Replying to [comment:4 lunar]:
> Replying to [comment:3 gk]:
> > 2. What are the blockers you see for giving all users the full
benefits of reproducible builds?
>
> I would rather postpone that for another time. Right now there's a hell
lot of documentation out there that assumes that files are signed
individually. I'm interested in finding the best ways to continue doing
so.
Huh? I fail to see why "there's a hell lot of documentation out there that
assumes that files are signed individually" should prevent *enumerating*
the blockers for moving to a different verification scheme. But it seems
at least the amount of documentation relying on single keys is one of the
blockers (which is, btw, kind of a catch-22 situation as we won't get new
documentation if we are not switching the verification scheme). Good, what
else?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13407#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list