Skip to content

GitLab

Trac
Trac

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed (moved)
Opened by cypherpunks@cypherpunks

CA pinning for the RPM repo

Since #12897 (moved) has been implemented RPM repo data is fetched using HTTPS.

To protect against SSL MITM attacks via compromized/rogue CAs I would suggest to implement CA pinning.

YUM provides an easy way to implement this. Simply add an additional line to your torproject.repo file [1]

sslcacert=/path/to/issuing-ca.pem

That pem file should be rpm-managed so you can easily update it in case you switch CA.

[1] https://www.torproject.org/docs/rpms.html.en

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information