[tor-bugs] #8525 [Tor bundles/installation]: ask build dependency maintainers to get HTTPS and GPG
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat May 4 17:30:30 UTC 2013
#8525: ask build dependency maintainers to get HTTPS and GPG
--------------------------------------+-------------------------------------
Reporter: proper | Owner: erinn
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Tor bundles/installation | Version:
Keywords: | Parent: #8288
Points: | Actualpoints:
--------------------------------------+-------------------------------------
Comment(by proper):
I have reason to believe, that not all project maintainers (any project,
any genre) are aware of the risks of not using gpg. This can be part of a
message template when contacting them:
> It's useful in case [http://www.extremetech.com/computing/120981-github-
hacked-millions-of-projects-at-risk-of-being-modified-or-deleted github
gets hacked] again in case [https://en.wikipedia.org/wiki/DigiNotar SSL
CA's get] hacked [http://www.scmagazine.com/two-more-comodo-resellers-
owned-in-ssl-hack/article/199620/ again].
> zlib is on github, so perhaps we could use that to make a tarball
ourselves... even tho that would kind of suck.
https://github.com/madler/zlib
What if they provided signed git tags?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8525#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list