Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#14304 closed enhancement (fixed)

Document sripping of MAR files in advanced verification section

Reported by: gk Owned by: Sebastian
Priority: Medium Milestone:
Component: Webpages/Website Version:
Severity: Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

We start with signing our MAR files from the next Tor Browser alpha release on. This means that the actual MAR files we ship do not have the same SHA256 sum as the ones our builders (and we) get after the Gitian build finished. We should document the steps to verify that the MAR files we ship are indeed the ones we and the builders built before.

Child Tickets

Attachments (1)

0001-Bug-14304-Document-stripping-of-MAR-files.patch (5.4 KB) - added by gk 5 years ago.

Download all attachments as: .zip

Change History (4)

comment:1 Changed 5 years ago by gk

Please merge the attached patch. Thanks.

comment:2 Changed 5 years ago by Sebastian

Resolution: fixed
Status: newclosed

Done. Is it correct that stuff is signed by Erinn still?

comment:3 in reply to:  2 Changed 5 years ago by gk

Replying to Sebastian:

Done. Is it correct that stuff is signed by Erinn still?

The last release in the stable series (4.0.3) was still signed by her. I am therefore inclined to leave the bundle verification documentation as-is until we switch to the new key there, too.

Note: See TracTickets for help on using tickets.