Delivery-Date: Fri, 21 Aug 2015 00:22:45 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	FREEMAIL_FROM,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id C6BB81E02F7;
	Fri, 21 Aug 2015 00:22:43 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 10A0A36ECB;
	Fri, 21 Aug 2015 04:22:37 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id E7EE436E1E
 for <tor-talk@lists.torproject.org>; Fri, 21 Aug 2015 04:22:33 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id pV8e97-6dUCh for <tor-talk@lists.torproject.org>;
 Fri, 21 Aug 2015 04:22:33 +0000 (UTC)
Received: from forward2h.mail.yandex.net (forward2h.mail.yandex.net
 [IPv6:2a02:6b8:0:f05::2])
 by eugeni.torproject.org (Postfix) with ESMTP id B027C368A9
 for <tor-talk@lists.torproject.org>; Fri, 21 Aug 2015 04:22:33 +0000 (UTC)
X-Greylist: delayed 431 seconds by postgrey-1.34 at eugeni;
 Fri, 21 Aug 2015 04:22:33 UTC
Received: from web13h.yandex.ru (web13h.yandex.ru [IPv6:2a02:6b8:0:f05::23])
 by forward2h.mail.yandex.net (Yandex) with ESMTP id 89CA6700FCD
 for <tor-talk@lists.torproject.org>; Fri, 21 Aug 2015 07:14:55 +0300 (MSK)
Received: from 127.0.0.1 (localhost [127.0.0.1])
 by web13h.yandex.ru (Yandex) with ESMTP id 2611E23C107A;
 Fri, 21 Aug 2015 07:14:55 +0300 (MSK)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yandex.com; s=mail;
 t=1440130495; bh=Zz02eyktGH4ZU26mCbsaEKDh6OPXEdZ5W9rij4AjIr0=;
 h=From:To:Subject:Date;
 b=QffuemYNMDyJX/OFTdb8ljwwXmyi7EAeSCk77GCiJgIHCfDDiOc77nkPqgs32n/nv
 5LMx3Ujfe6/tX2Gq4sITtCs1eRqXl0lcfYivO6Q1o9Ks5Um7ubLcF79WRxFz3zpFPO
 M6Vpgi9t8M4A8ioy28npH2z44fMRdikS4Gs+k0SU=
Received: by web13h.yandex.ru with HTTP;
	Fri, 21 Aug 2015 07:14:54 +0300
From: Cain Ungothep <ungocain@yandex.com>
To: tor-talk@lists.torproject.org
MIME-Version: 1.0
Message-Id: <1235101440130494@web13h.yandex.ru>
X-Mailer: Yamail [ http://yandex.ru ] 5.0
Date: Fri, 21 Aug 2015 06:14:54 +0200
Subject: Re: [tor-talk] TBB update using offline/ downloaded tarball?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

> This will upgrade the Linux x64 version from 4.5.3 to 5.0. To apply:
> 
> $ cd /path/to/tor-stuff
> $ rm -rf outside.old; mv outside outside.old; mkdir outside
> $ cp [.mar file] outside/update.mar
> $ cd [tor-browser directory]
> $ cp updater ../../outside
> $ ../../outside/updater ../../outside . .

You left out the part about verifying PGP signatures (!).

You're excused this time because the MAR format allows for (possibly
multiple) signatures and Tor developers do sign their MAR releases.  I
also expect the Tor Browser to fail tightly in case of unsigned/invalid
MAR files.  But for those that already decided what degree of trust to
put where, and are going the manual route anyway, checking a PGP
signature ex ante is in order.

See:  https://www.torproject.org/docs/verifying-signatures.html.en#MARVerification
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

