Hans Vader: > Dear TOR people, > > I have a question regarding the updating mechanism of tor browser from > within the browser. > These updates are signed I stronly suppose. I would like to know, does > checking these signatures depend on external programs like gpg? Is the > signature verification application for updates part of the browser > bundle itself?
For updates we essentially use the Firefox updater and, yes, we are signing the update files. Firefox and thus Tor Browser comes with its own means to check the signature[1], there is no external tool required. For more information about the Firefox update process and the .mar files, which are the update files the Tor Browser build process produces, see the Mozilla wiki[2] as a starting point. Georg [1] https://wiki.mozilla.org/Software_Update:MAR_Signing_and_Verification [2] https://wiki.mozilla.org/Software_Update
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
