[tbb-bugs] #19737 [Applications/Tor Browser]: gpg/gk.gpg and gpg/torbutton.gpg are expired since 2016-07-19
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jul 22 07:41:17 UTC 2016
#19737: gpg/gk.gpg and gpg/torbutton.gpg are expired since 2016-07-19
--------------------------------------+--------------------------
Reporter: dcf | Owner: tbb-team
Type: defect | Status: new
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-gitian | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Changes (by gk):
* keywords: => tbb-gitian
Comment:
*Sigh*. I guess there is no good solution for this kind of issue. :( We
could do the same as the Qubes folks and create one never expiring key for
the git tags. But that would be another key to handle properly and we
would need to deal with the issue that more than one of us should be able
to tag things for official builds. And then there is the revocation issue
in case things go wrong...
I think what we could do is make sure that at least the latest release in
every series is always buildable. If one wants to build older Tor Browser
versions it is fine to me if this is not working out of the box due to
issues with signed git tags (one could easily work around by setting
`VERIFY_TAGS` to `0`).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19737#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list