Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check signatures with gnupg? #164

Closed
ioerror opened this issue Feb 21, 2013 · 4 comments
Closed

Check signatures with gnupg? #164

ioerror opened this issue Feb 21, 2013 · 4 comments

Comments

@ioerror
Copy link
Contributor

ioerror commented Feb 21, 2013

The Tor Browser has signatures for each release:
https://www.torproject.org/dist/torbrowser/osx/TorBrowser-2.3.25-2-osx-i386-es-ES.zip
https://www.torproject.org/dist/torbrowser/osx/TorBrowser-2.3.25-2-osx-i386-es-ES.zip.asc

And we publish a set of keys that are likely to sign them:
https://www.torproject.org/docs/verifying-signatures.html

I'd like to add the proper keys to my Tor Browser formula and have the signatures checked at install time.
@phinze
Copy link
Contributor

phinze commented Mar 13, 2013

This is not a bad idea for extending the existing hash-based check. Let's see what we can do!

@passcod passcod mentioned this issue May 31, 2013
Closed
@nanoxd nanoxd mentioned this issue Aug 27, 2013
Closed
@lanterndev lanterndev mentioned this issue Nov 21, 2013
Closed
@lanterndev
Copy link

Big +1 on this! Homebrew/legacy-homebrew#22238 (via Homebrew/legacy-homebrew#15631) provide some relevant history of the proposal to add this to homebrew, which has unfortunately not been accepted yet. If you're open to adding it to homebrew-cask, though, maybe we can make use of the prior art.

faun pushed a commit to faun/homebrew-cask that referenced this issue Jun 15, 2014
@vitorgalvao
Merge pull request Homebrew#164 from fharbe/firefox-beta-de
f882db3 
Added Firefox Beta (DE)
@joelpurra joelpurra mentioned this issue Jul 29, 2014
Merged
@alebcay
Copy link
Member

alebcay commented Jul 29, 2014

A quick update on this - better security regarding gpg keys is being introduced via #4848, and should hopefully be implemented by #4688 (DSL 1.0).

@tapeinosyne tapeinosyne mentioned this issue Sep 11, 2014
Closed
9 tasks
@hellais
Copy link

hellais commented Mar 5, 2015

Here is some broken code I wrote a long time ago to add support for what I described in #22238. If there is interest in this I could pick it back up again: https://github.com/hellais/homebrew/tree/feature/package-signing.

@jawshooah jawshooah added the core Issue with Homebrew itself rather than with a specific cask. label Dec 10, 2015
@commitay commitay mentioned this issue Nov 7, 2017
Closed
@commitay commitay mentioned this issue Aug 28, 2018
Merged
@commitay commitay removed core Issue with Homebrew itself rather than with a specific cask. enhancement labels Sep 12, 2018
@lock lock bot locked and limited conversation to collaborators Oct 12, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@phinze @ioerror @hellais @lanterndev @alebcay @jawshooah @commitay