Delivery-Date: Mon, 04 Aug 2014 06:51:12 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 12B5C1E0A2C;
	Mon,  4 Aug 2014 06:51:11 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 061913054C;
	Mon,  4 Aug 2014 10:51:05 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 7277830542
 for <tor-talk@lists.torproject.org>; Mon,  4 Aug 2014 10:51:01 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 06UNJS8hbJeE for <tor-talk@lists.torproject.org>;
 Mon,  4 Aug 2014 10:51:01 +0000 (UTC)
Received: from smtp.rlogin.net (pipe.rlogin.net [213.138.100.26])
 by eugeni.torproject.org (Postfix) with ESMTP id 43A573053D
 for <tor-talk@lists.torproject.org>; Mon,  4 Aug 2014 10:51:01 +0000 (UTC)
Received: from gate.rlogin.net (aaisp.rlogin.net [178.238.155.43])
 by smtp.rlogin.net (Postfix) with ESMTPSA id B79364209A
 for <tor-talk@lists.torproject.org>; Mon,  4 Aug 2014 11:53:34 +0100 (BST)
Date: Mon, 4 Aug 2014 11:50:57 +0100
From: mick <mbm@rlogin.net>
To: tor-talk@lists.torproject.org
In-Reply-To: <53DE46A1.2060008@whonix.org>
References: <53D47B68.3000905@riseup.net>
 <20140728000202.GN18042@necrid.teamhugs.is>
 <53D7288E.1090802@riseup.net>
 <20140729155410.3f106aa0@gate.rlogin.net>
 <20140729163601.4adfaecb@gate.rlogin.net>
 <53DE46A1.2060008@whonix.org>
MIME-Version: 1.0
Message-Id: <20140804105101.7277830542@eugeni.torproject.org>
Subject: Re: [tor-talk] how many verify their tbb ?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============0906782867800820939=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

--===============0906782867800820939==
Content-Type: multipart/signed; micalg=pgp-sha256;
 boundary="Sig_/sRQR2ZsTWCOCvuBVxsX5HES"; protocol="application/pgp-signature"

--Sig_/sRQR2ZsTWCOCvuBVxsX5HES
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable

On Sun, 03 Aug 2014 14:26:41 +0000
Patrick Schleizer <patrick-mailinglists@whonix.org> allegedly wrote:
>=20
> As a maintainer of Whonix I like to note, that I am surprised, that
> there are any Whonix signature downloads from Whonix mirrors at all.
> We directly link Whonix signatures to whonix.org on our download
> page. [1] We don't have a link to signatures pointing to mirrors
> anywhere.

Patrick

The mirrors are (of necessity) public servers. They contain copies of
the signature files. Inevitably those files will be retrieved at
times. It is possible that some of those retrievals are by search
engines or other 'bots trawling the web. But it is equally possible
that some of the retrievals will have been made by real people -
possibly people who simply wanted to get and compare signatures from
different sources.

The only certain way to ensure that there are no signature downloads
from the mirrors (and this applies to tails as well) is to remove
those signatures from the rsynch masters. If they ain't there, they
can't be copied to the mirrors.

Best

Mick=20
---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------


--Sig_/sRQR2ZsTWCOCvuBVxsX5HES
Content-Type: application/pgp-signature; name=signature.asc
Content-Disposition: attachment; filename=signature.asc

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJT32WRAAoJEAof5gtbrdMS+ScP/1ZL1UYtISU5MfanZjF2KWUw
eZFRV779GDDz6wn0HDKbJ//BK7VTtsnuVwuhPoiJoGPdQtDkiVJFGfgZBlCOB2nt
qIIUp4SPHBz3bqJgwYtvpGrXgaBs/gr2SnADyTUBfjmj9u5F2C0CM06XiyGq6eeI
BgfZXtMtllCThC0u+ycw4MfuG6a+aJZzT7o01C1jT/VJduKxsQjKholRLSEmHOOW
YyW9alpz6nevc86n3WRAbS6dZAvuUyRa+GfBmfEc7dbouh/KxREs71D94TG0kOmI
/Wm2n0g2Z+W9OH3Eq1Sdrfmhi/mya2jT2Jmrs1ViVj358I0t5sDERlkaq184iWBq
BRfRu0/uNYHk2OTW6bVZhTz3rK+Z5I1F8vh7EQwwwjKOuNCVKCNEOb7fFzhipDE5
+ysS6U8lPPURukB3c6842QDO9m9TTWEKvjnNgbIM7/EX7SuLfg2sO11WrLUWIMoK
qnm/8qyfra5LrMncxY8PgBkY+ojP5d8M3pD8DC5EVg7p78spnsolwNjGRVrxf3Is
N6aCpjBHG5lfCISgcuVE4N9ubCq6OFTHx27Je4HfsTp21AqqbsGTRr+Oq5gRjqm2
wVwb+cJtdFRpvDlIEEliFQwo3Z665TTXjUNtPTZEAEXFHHShIvmJU2R/HN/yFTr1
u5BH1SEo0fZoDlrTJ4aG
=NdaJ
-----END PGP SIGNATURE-----

--Sig_/sRQR2ZsTWCOCvuBVxsX5HES--

--===============0906782867800820939==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============0906782867800820939==--

