Hi,
We don't prevent it. The binaries are signed by well known keys of tor
packagers and developers. The mirror update script randomly selects a
binary and verifies it each time it runs. If the binaries don't match,
the mirror is removed from the public list.
Happy to have your help and code in writing some way to verify the
totality of files served by each mirror, in some automated fashion.
Thanks!
--
Andrew
+1-781-948-1982
https://www.torproject.org/
------ Original Message ------
From: "Frédéric CORNU" <[email protected]>
To: [email protected]
Sent: 2015-01-12 22:06:49
Subject: [tor-mirrors] mirror content integrity
Hi there,
How do we prevent a mirror admin from tempering with the served files ?
--
Frédéric CORNU
_______________________________________________
tor-mirrors mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
_______________________________________________
tor-mirrors mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-mirrors
