-
Notifications
You must be signed in to change notification settings - Fork 181
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update Tor Browser Developers public key (#481) #482
Conversation
@sysrqb the key file was previously in text armor, but changed to binary by your patch.
|
FYI. I uploaded debian package 0.3.2-12 with the patch: |
We've also uploaded this patch to Arch Linux with torbrowser-launcher 0.3.2-3: |
This key is 3 MB in size, it should be reduced to just the key and selfsigs |
Do you suppose there's a tiny chance this PR is completely and utterly wrong? 210 lines (209 sloc) 13.1 KB New file: 3.31 MB is a non-armored binary (should be .gpg, not .asc) and contains 21310 signatures, most of them poisoned I'm guessing. ;) |
@anthraxx @eli-schwartz @kpcyrd Thanks for your info!
|
I would actually recommend
export-minimal ensures the exported key only contains the latest self-sig and no other web of trust data (for good or ill). And that's all you need if you trust the key out of band due to embedding it in a software distribution, and merely want to use it for verifying a signature against a known keyid. You should be able to get it down to about 8 KB. |
@eli-schwartz thanks! I updated debian package 0.3.2-13, with the patch (with latest update from this thread): |
@sysrqb will you update this PR with @eli-schwartz suggestions? |
I agree that the text armor format would definitely be better. @sysrqb Any chance you could update this PR? |
@AsciiWolf and @eli-schwartz thanks for the suggested command. We're at 8KB now.
|
Fixed in #526 |
Summary: Add version comparison patch to torbrowser-launcher This adds a patch from [here](torproject/torbrowser-launcher#499) to fix the version comparison on install, which causes issues like [this one](torproject/torbrowser-launcher#498) and [this one](https://discuss.getsol.us/d/1128-how-do-i-install-and-config-the-tor/) Also updates the signing key patch to only import a 8KB key instead of the previous 4 MB monstrosity, as suggested [here](torproject/torbrowser-launcher#482) Test Plan: Succesfully download and launch TorBrowser, plus a quick test query in DuckDuckGo Reviewers: #triage_team, JoshStrobl Reviewed By: #triage_team, JoshStrobl Subscribers: JoshStrobl Differential Revision: https://dev.getsol.us/D9787
Closes #481