[tor-bugs] #26539 [Webpages/Website]: add checksums to download page; make checksum vs. sig file purpose much clearer

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Sep 3 18:29:26 UTC 2018


#26539: add checksums to download page; make checksum vs. sig file purpose much
clearer
----------------------------------------+------------------------------
 Reporter:  cypherpunks                 |          Owner:  traumschule
     Type:  defect                      |         Status:  needs_review
 Priority:  Medium                      |      Milestone:
Component:  Webpages/Website            |        Version:
 Severity:  Normal                      |     Resolution:
 Keywords:  gpg, verify gpg signatures  |  Actual Points:
Parent ID:  #3893                       |         Points:
 Reviewer:                              |        Sponsor:
----------------------------------------+------------------------------
Changes (by traumschule):

 * status:  assigned => needs_review


Comment:

 https://github.com/torproject/webwml/pull/31/commits/1a9235304a88d80408ef580d0bc33aa406401f58

 This commit adds following to all download pages:

 > Always verify OpenPGP package signatures (sig) to make sure you've
 downloaded the file we intended you to get. We also offer sha256
 checksums.
 > The Firefox ESR in our bundles is modified from the default Firefox ESR.

 Please correct the wording.

 Comment from #tor-dev:
 > in general i think the people who want to check checksums and not
 signatures should not be encouraged

 Note that the signature files are not listed in the checksum files.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/26539#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list