[tor-dev] File verification GUI tool

adrelanos adrelanos at riseup.net
Mon Sep 23 22:45:56 UTC 2013


Hi Sherief,

This is actually a complex problem. Thanks for trying to solve it.

With all due respect, I must say, what you are trying is just another
hack to attempt to solve a problem at a higher level, which cannot be
solved at the level you are trying to solve it.

Some time ago, I wrote about it:
[liberationtech] secure download tool - doesn't exist?!?
https://mailman.stanford.edu/pipermail/liberationtech/2013-July/009620.html

See also my comments in Tor trac ticket 2340:
https://trac.torproject.org/projects/tor/ticket/2340#comment:14

The whole approach of "you must download a verification tool or
downloader to download what you really want to download" is something
which, from a usability perspective, only a small fraction of geeky
users will do. I am sure you can create something useful for a few
people, I might even use it myself, but it's up to you if you want to
solve it for the majority of users.

Do you speak C? If so, a solution which could work for more users could
be adding metalink + OpenPGP support to Firefox:
https://bugzilla.mozilla.org/show_bug.cgi?id=331979

Then verification would work out of the box without installing other
software.

If you agree with my points, I see two realistic ways to solve this. For
one, solving the issue in Firefox. I am quite sure Microsoft won't be
helpful. Or ditch Firefox/Microsoft Windows altogether and solve it in
popular Linux distributions.

In case you are interested in solving the deeper issues, solving this is
an interesting problem, which you could advocate. You could summarize
the current problem, why currently only a small fraction of downloaders
uses verification, then do the draft work on how it could be solved (my
comments in Tor trac ticket 2340), discuss with Linux distributions
how they would accept it, then implement it and get Linux distributions to
install it by default. The actual implementation could then also be done
in Python.

I'd do it myself, but I am already maintaining a Free Software project
(Whonix), so I am happy that you showed up, interested in solving it.

Cheers,
adrelanos

