[tor-dev] Leif's important piece on update golden keys
Spencer
spencerone at openmailbox.org
Mon Mar 7 16:11:00 UTC 2016
Hi,
>>
>> Holger Levsen:
>> https://reproducible-builds.org and
>> https://reproducible.debian.net
>>
Thanks!
>
> Nathan Freitas:
> https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds
>
Thanks!
However, even though reproducible-builds seems to address the manual install as well, which is good, I read the problem as being the actual backdoor of auto-update.
Since my Dad will not be able to make this verification, removing auto-update from the package is the only real resolution here.
Besides, given the broken/missing auto-update opt-out in packages like OrFox, it is difficult to trust the developers, since it is the user who defines "malicious".
Wordlife,
Spencer
More information about the tor-dev
mailing list