[tor-bugs] #20422 [Applications/Tor Browser]: Tor Browser builds are broken due to failing pycrypto signature check
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Oct 21 12:49:24 UTC 2016
#20422: Tor Browser builds are broken due to failing pycrypto signature check
-------------------------------------------------+-------------------------
Reporter: gk | Owner: tbb-
| team
Type: defect | Status:
| needs_review
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-gitian, TorBrowserTeam201610R | Actual Points:
GeorgKoppen201610R |
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Changes (by gk):
* keywords: tbb-gitian => tbb-gitian, TorBrowserTeam201610R
GeorgKoppen201610R
* status: new => needs_review
Comment:
Replying to [comment:3 boklm]:
> I think to fix this we can:
> 1. email the pycrypto author to ask if they have an updated key
> 2. check the checksum of the file instead of its gpg signature
Looking at the key and given that we already checked the SHA256 sum in
addition to the signature this seems not an unreasonable way of fixing the
bug. See: bug_20422_v2 (https://gitweb.torproject.org/user/gk/tor-browser-
bundle.git/commit/?h=bug_20422_v2&id=4b13b64b36da439f09decb4694dc3f33ecf9bd14)
in my public repo for a proposed fix.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20422#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list