[tor-commits] [gettor-web/master] Edit page with review inputs
hiro at torproject.org
hiro at torproject.org
Fri Sep 27 14:45:26 UTC 2019
commit 2c4f348fe22345fdc37f7cc98595565ea86eb211
Author: hiro <hiro at torproject.org>
Date: Fri Sep 27 16:45:22 2019 +0200
Edit page with review inputs
---
.gitignore | 6 +++-
content/contents.lr | 85 +----------------------------------------------------
2 files changed, 6 insertions(+), 85 deletions(-)
diff --git a/.gitignore b/.gitignore
index 41a4e3a..9d840a8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -3,12 +3,14 @@ node_modules
.sass-cache
.DS_Store
+cache
+
public
*.mo
*.po
contents+*.lr
-.cache
+*.ipynb*
*.egg-info
*.pyc
@@ -42,6 +44,8 @@ tramp
/eshell/history
/eshell/lastdir
+node_modules
+
# elpa packages
/elpa/
diff --git a/content/contents.lr b/content/contents.lr
index f7b79bf..ebeeb66 100644
--- a/content/contents.lr
+++ b/content/contents.lr
@@ -21,88 +21,12 @@ The idea behind GetTor is very simple:
## How to verify a digital signature
Digital signature is a process ensuring that a certain package was generated by its developers and has not been tampered with.
-Below we explain why it is important and how to verify that the Tor program you download is the one we have created and has not been modified by some attacker.
In GetTor emails we provide a link to a file with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures.
They allow you to verify the file you've downloaded is exactly the one that we intended you to get.
For example, `torbrowser-install-win64-8.5.4_en-US.exe` is accompanied by `torbrowser-install-win64-8.5.4_en-US.exe.asc`.
-We now show how you can verify the downloaded file's digital signature on different operating systems.
-Please notice that a signature is dated the moment the package has been signed.
-Therefore every time a new file is uploaded a new signature is generated with a different date.
-As long as you have verified the signature you should not worry that the reported date may vary.
-
-### Installing GnuPG
-
-First of all you need to have GnuPG installed before you can verify signatures.
-
-#### For Windows users:
-
-If you run Windows, [download Gpg4win](https://gpg4win.org/download.html) and run its installer.
-
-In order to verify the signature you will need to type a few commands in windows command-line, `cmd.exe`.
-
-#### For macOS users:
-
-If you are using macOS, you can [install GPGTools](https://www.gpgtools.org).
-
-In order to verify the signature you will need to type a few commands in the Terminal (under "Applications").
-
-#### For GNU/Linux users:
-
-If you are using GNU/Linux, then you probably already have GnuPG in your system, as most GNU/Linux distributions come with it preinstalled.
-
-In order to verify the signature you will need to type a few commands in a terminal window. How to do this will vary depending on your distribution.
-
-### Fetching the Tor Developers key
-
-The Tor Browser team signs Tor Browser releases.
-Import the Tor Browser Developers signing key (0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290):
-
- gpg --auto-key-locate nodefault,wkd --locate-keys torbrowser at torproject.org
-
-This should show you something like:
-
- gpg: key 4E2C6E8793298290: public key "Tor Browser Developers (signing key) <torbrowser at torproject.org>" imported
- gpg: Total number processed: 1
- gpg: imported: 1
- pub rsa4096 2014-12-15 [C] [expires: 2020-08-24]
- EF6E286DDA85EA2A4BA7DE684E2C6E8793298290
- uid [ unknown] Tor Browser Developers (signing key) <torbrowser at torproject.org>
- sub rsa4096 2018-05-26 [S] [expires: 2020-09-12]
-
-After importing the key, you can save it to a file (identifying it by fingerprint here):
-
- gpg --output ./tor.keyring --export 0xEF6E286DDA85EA2A4BA7DE684E2C6E8793298290
-
-### Verifying the signature
-
-To verify the signature of the package you downloaded, you will need to download the corresponding ".asc" signature file as well as the installer file itself, and verify it with a command that asks GnuPG to verify the file that you downloaded.
-
-The examples below assume that you downloaded these two files to your "Downloads" folder.
-
-The result of the command should produce something like this:
-
- gpgv: Signature made 07/08/19 04:03:49 Pacific Daylight Time
- gpgv: using RSA key EB774491D9FF06E2
- gpgv: Good signature from "Tor Browser Developers (signing key) <torbrowser at torproject.org>"
-
-
-#### For Windows users:
-
- gpgv --keyring .\tor.keyring Downloads\torbrowser-install-win64-8.5.4_en-US.exe.asc Downloads\torbrowser-install-win64-8.5.4_en-US.exe
-
-#### For macOS users:
-
- gpgv --keyring ./tor.keyring ~/Downloads/TorBrowser-8.5.4-osx64_en-US.dmg{.asc,}
-
-#### For GNU/Linux users (change 64 to 32 if you have the 32-bit package):
-
- gpgv --keyring ./tor.keyring tor-browser-linux64-8.5.4_en-US.tar.xz{.asc,}
-
-
-You may also want to [learn more about GnuPG](https://www.gnupg.org/documentation/).
-
+Check [how to verify a digital signature](https://support.torproject.org/tbb/how-to-verify-signature/)
## How to get bridges
@@ -119,10 +43,3 @@ Select 'Tor is censored in my country,' then click 'Select a built-in bridge.' C
Click 'OK' to save your settings.
Another way to get bridges is to send an email to bridges at torproject.org. Please note that you must send the email using an address from one of the following email providers: Riseup or Gmail.
-
-A bridge is just a normal relay with a slightly different configuration.
-
-Several countries, including China and Iran, have found ways to detect and block connections to Tor bridges.
-<mark><a href="https://github.com/Yawning/obfs4/blob/master/doc/obfs4-spec.txt">Obfsproxy</a></mark> bridges address this by adding another layer of obfuscation.
-Setting up an obfsproxy bridge requires an additional software package and additional configurations.
-See our page on <mark><a href="https://www.torproject.org/docs/pluggable-transports.html.en">pluggable transports</a></mark> for more info.
More information about the tor-commits
mailing list