[tor-bugs] #18287 [Applications/Tor Browser]: Use SHA-2 signature for Tor Browser setup executables
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri May 18 09:53:01 UTC 2018
#18287: Use SHA-2 signature for Tor Browser setup executables
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: enhancement | Status: closed
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution: fixed
Keywords: tbb-security, TorBrowserTeam201805, | Actual Points:
GeorgKoppen201805 |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):
* status: assigned => closed
* resolution: => fixed
Comment:
Okay, Mozilla is still using SHA-1 for signing the installer (with a SHA-2
cert) but I've amended our signing script so that we use SHA-256 from now
on. We'll test that in the first ESR50-based alpha. The script to use for
signing those .exe files is the *256.sh one.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18287#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list