[tor-talk] How can I verify that this "Onionshare" program is indeed the one intended for me to get?
Felix Eckhofer
felix at tribut.de
Sun Nov 15 10:37:32 UTC 2015
Hey.
Am 15.11.2015 11:28, schrieb Qaz:
> How do I do the hashing? Sorry really ignorant about it. Do I just type
> sha256sum <file> ? Or what?
Hashing the deb is most likely not going to work. Having a build process
that results in a bit-wise identical binary is a hard problem (search
for "reproducible build" if you're interested). You should use the
verification tools provided, that is the detached signature for
pre-built binaries and the signed commits when building from source (see
my other mail).
Regards
felix
More information about the tor-talk
mailing list