[tor-dev] Leif's important piece on update golden keys

Nathan Freitas nathan at freitas.net
Mon Mar 7 16:40:40 UTC 2016

On Mon, Mar 7, 2016, at 11:11 AM, Spencer wrote:
> Hi,
> >> 
> >> Holger Levsen:
> >> https://reproducible-builds.org and 
> >> https://reproducible.debian.net 
> >> 
> Thanks!
> > 
> > Nathan Freitas:
> > https://f-droid.org/wiki/page/Deterministic,_Reproducible_Builds
> > 
> Thanks!
> However, even though reproducible-builds seems to address the manual
> install as well, which is good, I read the problem as being the actual
> backdoor of auto-update.
> Since my Dad will not be able to make this verification, removing
> auto-update from the package is the only real resolution here.

I think our goal is to remove any one person from having the authority
to release an update. F-Droid or similar package managers should expect
multiple signatures in the future instead of just one. Part of the trust
people will place in projects or apps in the future is that they are not
only open-source, but have a judicially diverse or robust set of

> Besides, given the broken/missing auto-update opt-out in packages like
> OrFox, it is difficult to trust the developers, since it is the user who
> defines "malicious".

Can you explain this more? I want to make sure I don't misunderstand
what the issue is.
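
The threshold-of-signers policy sketched above ("expect multiple signatures instead of just one") as an added worked example; this is not code from F-Droid, Tor, or anyone in the thread. It assumes Ed25519 detached signatures from Go's standard library, a trusted key list with per-key IDs and a revocation set, and a constructed manifest line (artifact name plus SHA-256) standing in for whatever the package manager would actually sign. The check only counts distinct, trusted, non-revoked keys, so the same key signing twice, an unknown key, or a revoked key cannot push an update over the threshold.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Signer is one release-team member's public key, identified by a key ID
// (hypothetical naming; a real package manager would use fingerprints).
type Signer struct {
	ID  string
	Pub ed25519.PublicKey
}

// Signature is a detached signature over the manifest, tagged with the
// ID of the key that produced it.
type Signature struct {
	KeyID string
	Sig   []byte
}

// UpdatePolicy says how many distinct trusted keys must sign a release.
// Revoked keys stay in the trusted list for history but never count.
type UpdatePolicy struct {
	Trusted   []Signer
	Revoked   map[string]bool
	Threshold int
}

// NewSigner generates a fresh Ed25519 keypair for the given key ID.
func NewSigner(id string) (Signer, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err) // only on a broken system RNG
	}
	return Signer{ID: id, Pub: pub}, priv
}

// Sign produces a detached signature over manifest, labelled with keyID.
func Sign(priv ed25519.PrivateKey, keyID string, manifest []byte) Signature {
	return Signature{KeyID: keyID, Sig: ed25519.Sign(priv, manifest)}
}

// ManifestLine builds the constructed "name sha256=<hex>" line that the
// release team signs; the hash binds the signatures to one exact artifact.
func ManifestLine(name string, artifact []byte) []byte {
	sum := sha256.Sum256(artifact)
	return []byte(name + " sha256=" + hex.EncodeToString(sum[:]))
}

// CountValidSigners returns how many distinct trusted, non-revoked keys
// have a signature that verifies over manifest. Unknown keys, revoked
// keys, bad signatures, and repeats of an already-counted key are skipped.
func (p UpdatePolicy) CountValidSigners(manifest []byte, sigs []Signature) int {
	byID := make(map[string]ed25519.PublicKey, len(p.Trusted))
	for _, s := range p.Trusted {
		byID[s.ID] = s.Pub
	}
	counted := make(map[string]bool)
	for _, sig := range sigs {
		pub, known := byID[sig.KeyID]
		if !known || p.Revoked[sig.KeyID] || counted[sig.KeyID] {
			continue
		}
		if ed25519.Verify(pub, manifest, sig.Sig) {
			counted[sig.KeyID] = true
		}
	}
	return len(counted)
}

// Accept reports whether the update meets the threshold. A threshold of
// zero is treated as misconfiguration and never accepts.
func (p UpdatePolicy) Accept(manifest []byte, sigs []Signature) bool {
	return p.Threshold > 0 && p.CountValidSigners(manifest, sigs) >= p.Threshold
}

func main() {
	alice, alicePriv := NewSigner("alice")
	bob, bobPriv := NewSigner("bob")
	carol, _ := NewSigner("carol")
	policy := UpdatePolicy{
		Trusted:   []Signer{alice, bob, carol},
		Revoked:   map[string]bool{},
		Threshold: 2,
	}
	manifest := ManifestLine("example-app-1.0.apk", []byte("constructed artifact bytes"))
	one := []Signature{Sign(alicePriv, "alice", manifest)}
	two := append(one, Sign(bobPriv, "bob", manifest))
	fmt.Printf("one signer accepted:  %v\n", policy.Accept(manifest, one))
	fmt.Printf("two signers accepted: %v\n", policy.Accept(manifest, two))
}
```

Run as-is it prints `false` for a single signer and `true` once a second trusted key has signed the same manifest line; revoking either key, or changing one byte of the artifact, drops the release back to rejected.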


More information about the tor-dev mailing list