[tor-bugs] #5634 [TorBrowserButton]: build scripts do not verify dowloaded source tarballs
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Tue Apr 17 13:12:43 UTC 2012
#5634: build scripts do not verify dowloaded source tarballs
------------------------------+---------------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: TorBrowserButton | Version:
Keywords: | Parent:
Points: | Actualpoints:
------------------------------+---------------------------------------------
I may be miscalculating the risks but shouldn't all code one downloads at
least be checked against a hash sum fetched over https or multiple network
connections/exits?
I assume official binaries are not built behind Tor or an insecure wifi -
though others may want or need to do that - but Erinn would make an
interesting target for ISP intrusion or other scenarios.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5634>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list