[tor-bugs] #13379 [Tor Browser]: Sign our MAR files
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue Nov 11 14:12:21 UTC 2014
#13379: Sign our MAR files
-----------------------------+--------------------------
Reporter: mikeperry | Owner: tbb-team
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor Browser | Version:
Resolution: | Keywords: tbb-security
Actual Points: | Parent ID:
Points: |
-----------------------------+--------------------------
Comment (by gk):
Replying to [comment:7 mikeperry]:
> Oh, I wasn't aware that multiple signatures were already supported in
this way. If that is the case, we may want to consider having two or three
keys: one held by Georg, one by myself, and one on a dist server. Though
this has downsides in that it would require Georg and I to always be
available to sign builds.. I suppose we could instead share a builders
key, and then have the second key live on a signing machine that other
people can get access to in an emergency?
>
> Might be too much to deal with for the first rollout, though.
Yes, I think that should be in a new ticket. I've created #13730 for it. I
am especially interested in thinking about needing just a threshold of
valid signatures which might release the burden on us to be always
available for signing purposes.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13379#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list