#20209: Torbrowser 6.5a3 packages now signed with sha1, not sha512
------------------------------------------+----------------------
     Reporter:  arma                      |      Owner:  tbb-team
         Type:  defect                    |     Status:  new
     Priority:  Medium                    |  Milestone:
    Component:  Applications/Tor Browser  |    Version:
     Severity:  Normal                    |   Keywords:
Actual Points:                            |  Parent ID:
       Points:                            |   Reviewer:
      Sponsor:                            |
------------------------------------------+----------------------
 {{{
 $ gpg -v torbrowser-install-6.0.5_en-US.exe.asc
 gpg: assuming signed data in `torbrowser-install-6.0.5_en-US.exe'
 gpg: Signature made Fri 16 Sep 2016 07:53:01 AM EDT
 gpg:                using RSA key 2E1AC68ED40814E0
 gpg: using subkey 2E1AC68ED40814E0 instead of primary key 4E2C6E8793298290
 gpg: using PGP trust model
 gpg: Good signature from "Tor Browser Developers (signing key)
 <torbrow...@torproject.org>"
 gpg: binary signature, digest algorithm SHA512
 }}}

 compared to

 {{{
 $ gpg -v torbrowser-install-6.5a3_en-US.exe.asc
 gpg: armor header: Version: GnuPG v1
 gpg: assuming signed data in `torbrowser-install-6.5a3_en-US.exe'
 gpg: Signature made Tue 20 Sep 2016 11:10:10 AM EDT
 gpg:                using RSA key D1483FA6C3C07136
 gpg: using subkey D1483FA6C3C07136 instead of primary key 4E2C6E8793298290
 gpg: using PGP trust model
 gpg: Good signature from "Tor Browser Developers (signing key)
 <torbrow...@torproject.org>"
 gpg: binary signature, digest algorithm SHA1
 }}}

 What made us switch to SHA1 for the latest alpha build? Is this some bug
 in our release process?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20209>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Reply via email to