[tor-talk] Verifying signatures
Joe Btfsplk
joebtfsplk at gmx.com
Sat Mar 24 22:59:31 UTC 2012
> On 03/20/2012 01:46 AM, Achter Lieber wrote:
> Hullo (',')
>
> In light of some fairly recent postings about making it easier to
> verify signatures on new Tor downloads,
On 3/21/2012 9:35 AM, Christian Siefkes wrote:
> On 03/21/2012 12:46 PM, Jude Young wrote:
>> Sorry if this has been responded to, I've lost a few emails...
>> I don't believe the TBB has been high-jacked, but the TorButton Firefox
>> extension certainly has.
>> (Forgive my faulty memory
>> linky:http://www.securitynewsdaily.com/1201-anonymous-hackers-child-porn.html)
>> "Anonymous" apparently convinced firefox (or someone at FireFox? No one was
>> ever clear on this..) to upload a modified version.
> Uh, TorButton is free software, didn't you know that? Everybody can create
> and distribute a modified version, and that's what happened. It certainly
> proves that you shouldn't download software from untrusted sources (neither
> the Tor Project nor Mozilla was involved) and that you should verify the
> signatures of the software to use. None of that is news, of course.
>
Which was the point of OP, Achter. Perhaps it could be made easier,
tutorials on the Tor site, etc., to verify signatures.
More information about the tor-talk
mailing list