Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by Robert Ransom@rransom

BridgeDB must GPG-sign outgoing mails

To protect users against attacks in which someone forges an e-mail message which appears to be sent by BridgeDB, but which contains malicious bridges intended to target a specific user, BridgeDB must start GPG-signing its outgoing e-mail messages.

BridgeDB must also include the address to which it sent a message in the GPG-signed text, and warn users that they should verify that BridgeDB messages are GPG-signed and that the e-mail address in the signed message matches the e-mail address which the user requested bridges with.