Hi, So, I had some troubles generating + signing Torrent files (for some reasons, my GPG hardware token refused my user PIN several times, and I had to iterate/restart; see below for why those topics are intertwined), and it seems the generated Torrent files are starting to download just fine (as checked per release process), but don't let users reach full completion; some issues with asc vs. sig files, which wouldn't be entirely unrelated to the issues I encountered while releasing.
Would it seem OK for me to try and re-generate Torrent files (making extra sure they contain the same kind of files as previous Torrent files had, and not the apparently broken set of files they currently do)? I'm not sure which part(s) might need some signing, but anything related to signatures is flashing red alarms here, since it could invalidate some reproducibility properties (our release process highlights that once a given point is reached, the GPG hardware token must be stowed away and never touched back). And I'm also not sure whether publishing the new Torrent files with similar names but different contents could be an issue (I'm no Torrent/DHT master). Please let me know whether/how I should try and get stuff fixed. Relevant part of the release process: https://tails.boum.org/contribute/release_process/#index16h1 Of the blue, I would expect uncoupling signing (already done, already used to move data around on various servers, so likely OK), and Torrent generation might do the trick, and generating new Torrent files without resigning anything might work. What do you think? Cheers, -- Cyril 'kibi' Brulebois ([email protected])
signature.asc
Description: PGP signature
_______________________________________________ Tails-dev mailing list [email protected] https://www.autistici.org/mailman/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
