[tor-mirrors] mirror content integrity

Andrew Lewman andrew at torproject.is
Tue Jan 13 14:52:20 UTC 2015


We don't prevent it. The binaries are signed by well known keys of tor 
packagers and developers. The mirror update script randomly selects a 
binary and verifies it each time it runs. If the binaries don't match, 
the mirror is removed from the public list.

Happy to have your help and code in writing some way to verify the 
totality of files served by each mirror, in some automated fashion.



------ Original Message ------
From: "Frédéric CORNU" <fcornu at wardsback.org>
To: tor-mirrors at lists.torproject.org
Sent: 2015-01-12 22:06:49
Subject: [tor-mirrors] mirror content integrity

>Hi there,
>How do we prevent a mirror admin from tempering with the served files ?
>Frédéric CORNU
>tor-mirrors mailing list
>tor-mirrors at lists.torproject.org

More information about the tor-mirrors mailing list