[tor-talk] Absence of digital signature of TBB sources
jbrownfirst at gmail.com
Thu Apr 5 09:37:51 UTC 2012
On 04.04.2012 16:18, Sebastian Hahn wrote:
> On Apr 4, 2012, at 2:34 PM, andrew at torproject.is wrote:
>> On Wed, Apr 04, 2012 at 10:44:10AM +0000, rransom.8774 at gmail.com wrote 0.7K bytes in 20 lines about:
>> : The official TBBs are built from the sources in Git, not from the
>> : tarballs. There probably shouldn't be any release tarballs for TBB
>> : source code.
>> But anyone should be able to build TBB from the source tarball. At least,
>> this is how I used to build everything way back in the day when I built
>> all of the packages.
>> I didn't use the source repo. I tagged a release, built a source tarball,
>> and then built the packages from the tarball. This way our builds were
>> official, but at least others could build their own packages the same
>> way we did.
> In theory the (signed, of course) tags in a git repo can fulfil the same
> purpose. That's probably the model we should aim for here.
> I'll poke Erinn again about the existing tarball's signatures, tho
Thanks. it was effective now :)
There is a signature in his place now :)
P.S. Sorry for my idiotism I forgot the url-address of the main
repository of the Tor which is https://gitweb.torproject.org/ :) I tried
"http://deb.torproject.org/torproject.org" from my sources.list but I
found there only deb-packages :)
If it possible could the team of the Torproject give the link to the
repos on the main page of the site? For such people as I which decided
to try themselves in compiling and devoloping etc. :)
More information about the tor-talk