Delivery-Date: Sun, 15 Nov 2015 05:37:50 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIM_ADSP_ALL,
	DKIM_SIGNED,RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham
	version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 3A7A41E042E;
	Sun, 15 Nov 2015 05:37:49 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 9F00438455;
	Sun, 15 Nov 2015 10:37:43 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 5CC3338442
 for <tor-talk@lists.torproject.org>; Sun, 15 Nov 2015 10:37:36 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 0ESP4lLgQ5rP for <tor-talk@lists.torproject.org>;
 Sun, 15 Nov 2015 10:37:36 +0000 (UTC)
Received: from metis.tribut.de (metis.tribut.de [78.46.43.195])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.tribut.de",
 Issuer "StartCom Class 2 Primary Intermediate Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 2CCB93843E
 for <tor-talk@lists.torproject.org>; Sun, 15 Nov 2015 10:37:36 +0000 (UTC)
Received: from webmail.tribut.de (localhost [127.0.0.1])
 by metis.tribut.de (Postfix) with ESMTP id 6605B13ECA9
 for <tor-talk@lists.torproject.org>; Sun, 15 Nov 2015 11:37:32 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tribut.de; s=dkim;
 t=1447583852; bh=+sz3dgbl1w6RPes9WVexjY3tgxwX4sH+KtTTi1pVOvU=;
 h=Date:From:To:Subject:In-Reply-To:References;
 b=HEeZYkIWoFZk4rVScjy55SR7D24aO0yVRiRSqSqK3BXHhSBpVMtK/I24MiS7djeah
 marTFOjf4VzV/nwakO4PyhUWJcNHJYeSP3zJRzPBoM+d5sDCFvumvHyeI85UqdH1gd
 b0svnXJRsjSNmHdWs9J6JUUGdpyKTKV5lP6wLWAN27psNIzkIvpb85rzrCfLxVJAv2
 IDz/Pj7exMBNEt8zQm0on2Qm45CMP7kbgOOJ5s/dP4H2VdWy8xwandazGT48gBBRFx
 Lz2OJCRTRcQo6iubHZCYXmJbdIOlMPzxRKtC7py85lh675PbAxuIXVZouEMxbESNR3
 1vw86+NqFaoeA==
MIME-Version: 1.0
Date: Sun, 15 Nov 2015 11:37:32 +0100
From: Felix Eckhofer <felix@tribut.de>
To: tor-talk@lists.torproject.org
In-Reply-To: <56485E67.6000401@openmailbox.org>
References: <56473E77.5060603@openmailbox.org> <56478155.6040008@riseup.net>
 <56485E67.6000401@openmailbox.org>
Message-ID: <5e2a42413af57a668d493703d8b50396@tribut.de>
X-Sender: felix@tribut.de
User-Agent: Roundcube Webmail
Subject: Re: [tor-talk] How can I verify that this "Onionshare" program is
 indeed the one intended for me to get?
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Hey.

Am 15.11.2015 11:28, schrieb Qaz:
> How do I do the hashing? Sorry really ignorant about it. Do I just type
> sha256sum <file> ? Or what?

Hashing the deb is most likely not going to work. Having a build process 
that results in a bit-wise identical binary is a hard problem (search 
for "reproducible build" if you're interested). You should use the 
verification tools provided, that is the detached signature for 
pre-built binaries and the signed commits when building from source (see 
my other mail).


Regards
felix
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

