Opened 5 months ago

Closed 5 months ago

Last modified 5 months ago

#34032 closed defect (fixed)

Use Securedrop's Official https-everywhere ruleset

Reported by: sysrqb Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-9.5a12, TorBrowserTeam202004R
Cc: acat Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Let's create a fixup for #28005.

Official ruleset is now: https://securedrop.org/https-everywhere/

New signing key: https://github.com/freedomofpress/securedrop-https-everywhere-ruleset/blob/master/release-pubkey.jwk
(also in footer of securedrop.org)

The repository for storing the official HTTPS Everywhere ruleset channel is here:
https://github.com/freedomofpress/securedrop-https-everywhere-ruleset

Child Tickets

Change History (5)

comment:1 Changed 5 months ago by sysrqb

Keywords: tbb-9.5a12 added

comment:2 Changed 5 months ago by acat

Keywords: TorBrowserTeam202004R added
Status: newneeds_review

Patch for review in https://github.com/acatarineu/tor-browser/commit/34032 (0052c74b743756dafa4f3614f559dd8f8d1645c2).

comment:3 Changed 5 months ago by sysrqb

Keywords: tbb-9.5a12 TorBrowserTeam202004Rtbb-9.5a12, TorBrowserTeam202004R
Resolution: fixed
Status: needs_reviewclosed

Thanks! Looks good. I confirmed the jwk is derived from their release key (2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77) - they included a script for this.

I had to install authlib from pip :( (oh well).

I merged the branch with commit f5bf259fa2f16c68f3dc12bf9e6d28f43ff8d7e1 onto tor-browser-68.7.0esr-9.5-1.

comment:4 Changed 5 months ago by cypherpunks

FWIW, the links have the form: https://securedrop.org/https-everywhere//latest-rulesets-timestamp

comment:5 Changed 5 months ago by cypherpunks

Despite // in the links, the ruleset seems to have been updated successfully.

Note: See TracTickets for help on using tickets.