[tor-bugs] #8286 [Tor bundles/installation]: Fetch software during TBB build process only over trusted HTTPS
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Feb 26 00:56:58 UTC 2013
#8286: Fetch software during TBB build process only over trusted HTTPS
--------------------------------------+-------------------------------------
Reporter: ioerror | Owner: erinn
Type: enhancement | Status: needs_review
Priority: major | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent: #8288
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by ioerror):
Replying to [comment:6 mikeperry]:
> This looks great and is almost ready to merge, except: Do we also want a
cron script that runs on people that tells us if any of the mirrored
source either changed or got new versions upstream?
I don't think so. I'd like this to happen manually.
>
> I want to avoid the situation where we switch to people.tp.org as our
mirror, but then forget to ever update these packages. I think for
most/all of them they simply remove the old version's tar when they
release a new one, so the cron script could just email us when the version
we have disappeared from upstream?
We should never forget to update because this is how we build things. To
update, first we'd need to know there was a new released upstream version
and secondly, we'd want to add the updated version to the mirror.
I envision this as a manual process just as we currently do it - except we
actually get HTTPS!
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8286#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list