ARM64 Tor Browser

To fix this issue, it would very very much help if ARM64 Tor Browser would support “direct” gpg signatures.

e-mail recipient: ARM64 Tor Browser Maintainer

e-mail subjects:

Tor Browser arm64 builds gpg signatures

e-mail content:

Hello Heikki!

I’d like to switch from sha256sums-unsigned-build.txt to verifying gpg
signatures directly. What I mean by that is this… Upstream currently
for example provides:

  • tor-browser-linux32-11.5a1_en-US.tar.xz as well as
  • tor-browser-linux32-11.5a1_en-US.tar.xz.asc

Verifying the tar.xz.asc would be a bit safer and less code in
tb-updater because then we can skip sha256 and rely on gpg only.

Could you please kindly ask upstream how the tar.xz.asc files are
created? They probably have some script which we just cannot easily
locate in the huge git repository. If possible, could you please
consider adding it to your build process?

Kind regards,
Patrick

date sent:

15 December 2021

status on 06 January 2022

no reply received yet