On 9/2/2011 12:11 PM, Seth David Schoen wrote:
Joe Btfsplk writes:
Is it really a risk, d/l Tor or TBB directly from Tor Project's
site, that verifying signatures is necessary? What is the reasoning
here - if getting files from Tor Project server?
How do you know it was really the Tor Project server?
I'm not sure. How do I know when I open an HTTPS bookmark link to my
bank, that it's my bank? I don't go through a (manual) signature
verification process when signing in, or d/l anything from a bank, CC or
investment company. Are you answering a question w/ a question? I
asked 1st :)
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk