[tor-talk] Unsigned Mac OS X binary for TorBrowser

Jacob Appelbaum jacob at appelbaum.net
Fri Nov 9 23:53:55 UTC 2012


Roger Dingledine:
> On Fri, Nov 09, 2012 at 06:05:58PM -0500, Matthew Fisch wrote:
>> TorProject should be registered as an Apple software developer, and the
>> binary should be signed, both to increase credibility of the torproject
>> and the safety of users.
> 
> I agree with you about the 'safety of users' side. But I'm not so clear
> on the 'credibility' side. Last I checked, to become an official Apple
> developer, they required you to sign an NDA *in order to see the agreement
> they would then ask you to sign*.

I don't think we have to sign an NDA.

> 
> We at Tor aren't big on signing blanket broad NDAs with large
> corporations, so you can see why we'd be hesitating (to put it nicely). I
> imagine we're not the only ones.
> 

I think we just have to pay them to participate in their developer
problem. It's annoying but it does actually make impersonation of Tor
software harder, as I understand the gatekeeper solution.

We should just their developer program and sign our builds. That is the
cost of support a non-free platform. If they ever try to make us do
something that we actually directly think is harmful to our users, we
should stop supporting their platform.

All the best,
Jake



More information about the tor-talk mailing list