[Pkg-anonymity-tools] Bug#756194: Bug#756194: should verify 3 signatures are correct
Micah Lee
micah at micahflee.com
Sun Aug 3 00:24:42 UTC 2014
Are you sure that the releases always have 3 signatures? My worry would
be that maybe one of the devs isn't available and they do a release with
only 2 signatures, and Tor Browser Launcher users won't be able to update.
On 08/02/2014 03:21 PM, Holger Levsen wrote:
> control: forwarded -1 https://github.com/micahflee/torbrowser-launcher/issues/113
>
> Hi,
>
> On Sonntag, 27. Juli 2014, Holger Levsen wrote:
>> tbb downloads are signed by 3 signatures always, all three of them should
>> be checked and if there are not 3 valid signatures (or an invalid one), it
>> should fail and warn loudly.
>
> this is being tracked as an upstream feature request now too.
>
>
> cheers,
> Holger
>
>
--
Micah Lee
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-anonymity-tools/attachments/20140802/0fb88523/attachment.sig>
More information about the Pkg-anonymity-tools
mailing list