[tor-bugs] #18752 [Orbot]: [Security Alert] Latest Orbot is signed by different key.
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Apr 8 16:19:50 UTC 2016
#18752: [Security Alert] Latest Orbot is signed by different key.
----------------------+-----------------------
Reporter: ikurua22 | Owner: n8fr8
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Orbot | Version:
Severity: Critical | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
----------------------+-----------------------
Comment (by n8fr8):
Yes, so there is a problem which is Orbot is in both F-Droid.org and the
Guardian Project repo. The F-Droid app makes it hard to know where you are
getting it from.
15.1.2 is indeed from us, and from our F-Droid repo.
I agree Orbot should be removed from the main repo.
Also though we are working with them on a new system where they would
build the source code, compare it to ours, and then use binary signed with
our key, if it matches up.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18752#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list