[tor-bugs] #5147 [Tor bundles/installation]: wrong/no signatures on FC packages
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Feb 17 13:36:51 UTC 2012
#5147: wrong/no signatures on FC packages
-----------------------------------------+----------------------------------
Reporter: qbi | Owner: erinn
Type: defect | Status: reopened
Priority: major | Milestone:
Component: Tor bundles/installation | Version: Tor: unspecified
Resolution: | Keywords:
Parent: | Points:
Actualpoints: |
-----------------------------------------+----------------------------------
Comment(by erinn):
It's been a while since I set it up, but I think the original idea was
that people could import the key and then install the rpm, individually,
if they didn't want to use the repo key for whatever reason. An argument
could be made for that being either intuitive or counterintuitive, and I
don't really have any insight into how normal rpm users operate, beyond
knowing that they generally let the distro verify signatures.
I don't think we're asking for people to get confused, and there are
instructions on the verifying-signatures page for how to manually verify
the packages if you really want to do it that way. But if you have a less
confusing solution, let me know.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5147#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list