Opened 3 years ago

Last modified 3 years ago

#17425 new defect

Improve GetTor Signature Section

Reported by: sukhbir Owned by: ilv
Priority: Medium Milestone:
Component: Applications/GetTor Version:
Severity: Normal Keywords:
Cc: mrphs, ilv Actual Points:
Parent ID: #9036 Points:
Reviewer: Sponsor:


The current GetTor reply we decided earlier was (and which is currently deployed):

SHA256 of Tor Browser 32/64-bit (advanced): 443b38f4aa1194125ca3c79157272d5c64006928c9128127788c1cdefa642d85
Fingerprint of key used to sign Tor Browser (advanced): 8738 A680 B84B 3031 A630 F2DB 416F 0610 63FE E659

We can do better. If you see ticket:9036#comment:16, we will be introducing a new section on signatures and verification of the bundles. This is tricky since on one hand we want users to verify the bundles they downloaded, but on the other, it's not always easy to do so. This ticket will focus on what the text should look like and how we should ensure that users are easily able to verify the bundles.

(It's easier said than done and it's not like we are the first ones trying to solve this problem but we should focus on it from GetTor's context to narrow it down.)

Child Tickets

Change History (3)

comment:1 Changed 3 years ago by ilv

I think the signatures section in the body message should have the minimum information needed to check the integrity of the files, otherwise the message will be TLDR. For the purpose of teaching end users how to do that, I think the best option would be to attach one or two guides. I wrote a proposal for verifying signatures here. What do you think of this idea?

comment:2 Changed 3 years ago by sukhbir

I agree that the main body should have very little information. Though we want that people should verify the bundles, we realize that this easier said than done.

I guess your idea about the guide is probably the best way to go forward. We should work on improving its text.

Last edited 3 years ago by sukhbir (previous) (diff)

comment:3 in reply to:  2 Changed 3 years ago by ilv

Replying to sukhbir:

I guess your idea about the guide is probably the best way to go forward. We should work on improving its text.

Yes, and as you know, English is not my mother tongue, so some sentences might not sound natural to common people. In the dev meeting someone advised me that all gettor messages should be reviewed by a native English speaker :)

Note: See TracTickets for help on using tickets.