Skip to content

GitLab

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in
Trac
Trac
  • Project overview
    • Project overview
    • Details
    • Activity
  • Issues 246
    • Issues 246
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
  • Operations
    • Operations
    • Metrics
    • Incidents
  • Analytics
    • Analytics
    • Value Stream
  • Wiki
    • Wiki
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Create a new issue
  • Issue Boards

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

  • Legacy
  • TracTrac
  • Issues
  • #8286

Closed
Open
Opened Feb 20, 2013 by Jacob Appelbaum@ioerror

Fetch software during TBB build process only over trusted HTTPS

Currently, we fetch software using wget and we do so with all certificate checking disabled. I believe we should have a mirror of all the source code that we expect people to download and we should offer it over HTTPS.

I've put up such a mirror here as a proof of concept: https://people.torproject.org/~ioerror/src/mirrors/

I'll attach some patches to help ensure that we allow wget to verify the HTTPS cert and to ensure that we use the secure mirror.

Later, we can find a location for a mirror that is more permanent as this improves the security of the build process tremendously. It also improves the reliability as some of the download sites are extremely slow or use protocols that are prone to censorship. :(

Thoughts?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
None
Milestone
None
Assign milestone
Time tracking
None
Due date
None
Reference: legacy/trac#8286