[tor-mirrors] mirror content integrity
andrew at torproject.is
Tue Jan 13 14:52:20 UTC 2015
We don't prevent it. The binaries are signed by well known keys of tor
packagers and developers. The mirror update script randomly selects a
binary and verifies it each time it runs. If the binaries don't match,
the mirror is removed from the public list.
Happy to have your help and code in writing some way to verify the
totality of files served by each mirror, in some automated fashion.
------ Original Message ------
From: "Frédéric CORNU" <fcornu at wardsback.org>
To: tor-mirrors at lists.torproject.org
Sent: 2015-01-12 22:06:49
Subject: [tor-mirrors] mirror content integrity
>How do we prevent a mirror admin from tempering with the served files ?
>tor-mirrors mailing list
>tor-mirrors at lists.torproject.org
More information about the tor-mirrors