[tor-talk] confusion over verification instructions for build verification on Mac OS X

Jedd Casella Jedd.Casella at alia.org.au
Tue Dec 13 04:33:16 UTC 2016


unsubscribe


-----Original Message-----
From: tor-talk [mailto:tor-talk-bounces at lists.torproject.org] On Behalf Of Tor-talk
Sent: Tuesday, 13 December 2016 2:49 AM
To: tor-talk at lists.torproject.org
Subject: [tor-talk] confusion over verification instructions for build verification on Mac OS X

Reading through this:
https://www.torproject.org/docs/verifying-signatures.html.en#BuildVerification

Trying to do this on Mac OS X.

`shasum -a 256 <tor browser distro>.dmg` clearly gives me a checksum that doesn't match the one in the "sha256sums-unsigned-build.txt" file. Tried it with 6.0.6 and 6.0.7.

From what I understand, if the PGP signature is valid that confirms the package wasn't tampered with.

But it is confusing and disturbing to a newbie to try this and get a mismatched checksum. Please modify these instructions so it's clear what this process is and what you have to do to get it to work because it doesn't work "out of the box" for Mac OS X.

Thanks--
--
tor-talk mailing list - tor-talk at lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


More information about the tor-talk mailing list