Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-25 Thread Micah Lee
Rather than replying in-line to everything, I'll just summarise:

* TLS/x.509 security: torbrowser-launcher doesn't rely on the CA infrastructure. The only TLS it does is make HTTPS requests to check.torproject.org and (if you haven't set a mirror) www.torproject.org. When it connects to these

Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-23 Thread Christoph Anton Mitterer
Sorry for the late reply. On Sat, 2014-06-21 at 23:01 -0700, Micah Lee wrote: The keys that are signing keys that are included in torbrowser-launcher are for: Alexandre Allaire, Erinn Clark, Mike Perry, and Sebastian Hahn. Keys are here:

Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-22 Thread Micah Lee
On 06/21/14 18:55, Christoph Anton Mitterer wrote: Hi. This is basically a follow up from the lengthy discussion at debian-devel: https://lists.debian.org/debian-devel/2014/06/msg00171.html (somewhere deeper in the thread). Admittedly I didn't read through the whole code of

Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-22 Thread Holger Levsen
control: tags -1 + moreinfo
control: severity -1 normal

Hi Christoph (bcc:ed),

On Sunday, 22 June 2014, Christoph Anton Mitterer wrote: As already pointed out in the aforementioned thread, this has several critical security issues: And they are all (IMHO successfully) considered in the

Bug#752275: torbrowser-launcher: several possible/probably security issues

2014-06-21 Thread Christoph Anton Mitterer
Package: torbrowser-launcher
Version: 0.0.7-1
Severity: grave
Tags: security
Justification: user security hole

Hi. This is basically a follow up from the lengthy discussion at debian-devel: https://lists.debian.org/debian-devel/2014/06/msg00171.html (somewhere deeper in the thread).