GetTor needs official two-factor-enabled dropbox and google accounts
we need official, and two-factor-enabled dropbox and google accounts in order to finish what we've started on #8542 (moved).
we're already using dropbox links in gettor reply message. this dropbox account was not created using a secure email address and is for test purpose only.
This is very important as an attacker may find a way to reset the password of that dropbox account and replace legit bundles with malicious ones.
Activity
Replying to mrphs:
we need official, and two-factor-enabled dropbox and google accounts in order to finish what we've started on #8542 (moved).
we're already using dropbox links in gettor reply message. this dropbox account was not created using a secure email address and is for test purpose only.
This is very important as an attacker may find a way to reset the password of that dropbox account and replace legit bundles with malicious ones.
We should also have account(s) for #12819 (moved)
We're now distributing links to download Tor Browser from github. Right now we're using this repo, but we should use an official one. Maybe under Tor Project organization? (I believe hellais owns it, but I'm not sure).
Replying to ilv:
We're now distributing links to download Tor Browser from github. Right now we're using this repo, but we should use an official one. Maybe under Tor Project organization? (I believe hellais owns it, but I'm not sure).
Yep, hellais is one of the owners.
Hey hellais and ioerror,
Could one of you set up a new team for GetTor under the TorProject github account and add ilv to it, please? Also I think you might need to make a gettor repo under that new team (I'm not sure how the team permissions work, e.g. who can create repos, etc.).
Trac:
Cc: sukhbir, arma, phobos to sukhbir, arma, hellais, ioerrorReplying to isis:
Hey hellais and ioerror,
Could one of you set up a new team for GetTor under the TorProject github account and add ilv to it, please? Also I think you might need to make a gettor repo under that new team (I'm not sure how the team permissions work, e.g. who can create repos, etc.).
Thanks for the support isis! And yes, these things would be very helpful.
I created a team called GetTor and invited ilv to it. In order to complete this transition you will have to transfer the ownership of the repo over to TheTorProject, then I will add that repo to the group GetTor and you will have admin capabilities on it (be able to do everything as well as add new people with any capability to the GetTor group).
Closing this as WONTFIX since gettor files are now on github (#23703 (moved)).
Trac:
Reviewer: N/A to N/A
Sponsor: N/A to N/A
Resolution: N/A to wontfix
Status: new to closedThe idea of using cloud storage services to distribute Tor via GetTor is so if one of them is blocked there are other ways to download Tor. And sure enough github raw service which is being used for downloading files directly from github is blocked in various places. Google drive and dropbox remain as two of the main popular platforms with higher collateral, especially google drive.
Trac:
Resolution: wontfix to N/A
Status: closed to reopened
Changin the parent to the other ticket (as they were duplicated).
Trac:
Parent: #8542 (moved) to #28231 (moved)
