[Tor www-team] New download page does not provide signature links

Pili Guerra pili at torproject.org
Mon Apr 1 06:28:35 UTC 2019


Thank you for reporting this.

We do have a link to “Verify Tor Browser Signature” on that page as well as a link to the signatures themselves under the "Advanced Install Options” link.

We appreciate your feedback, this will help us evaluate ways to highlight this process and make it more visible from the main download page.


Project Manager: Tor Browser, UX and Community teams
pili at torproject dot org
gpg 3E7F A89E 2459 B6CC A62F 56B8 C6CB 772E F096 9C45

> On Saturday, Mar 30, 2019 at 10:44 PM, mwnx <mwnx at gmx.com (mailto:mwnx at gmx.com)> wrote:
> Hello,
> The new download page [1] does not provide links to the signature
> files needed to check that the provided tor browser bundles have
> indeed been produced and/or approved by the tor browser team.
> Such signatures are important for software in general, but it is
> especially worrying when they are lacking from an inherently privacy
> and security focused project like tor. In the end, I managed to find
> the signature file by appending `.asc` to the bundle URL, but others
> might not think of doing that, and besides, I feel like we should
> promote security best practices by encouraging people to check the
> signature.
> While I'm at it, thank you all for your contributions to this
> critical piece of FOSS software.
> [1] https://www.torproject.org/download/
> --
> mwnx
> GPG: AEC9 554B 07BD F60D 75A3 AF6A 44E8 E4D4 0312 C726
> ________________________________________________________________________
> Tor Website Team coordination mailing-list
> To unsubscribe or change other options, please visit:
> https://lists.torproject.org/cgi-bin/mailman/listinfo/www-team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/www-team/attachments/20190401/c260abb4/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 865 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/www-team/attachments/20190401/c260abb4/attachment.sig>

More information about the www-team mailing list