support issues
https://gitlab.torproject.org/tpo/web/support/-/issues
2024-03-28T00:29:36Z

https://gitlab.torproject.org/tpo/web/support/-/issues/285
unify tor installation per platform
2024-03-28T00:29:36Z
nyxnor

### Problem to solve
* What feature(s) affected?
* What docs or doc section affected? Include links or paths.
* Is there a problem with a specific document, or a feature/process that's not addressed sufficiently in docs?
* Any other ideas or requests?
There is no unified tor installation per package manager. One can find this for OpenBSD on `relay/setup/guard` and `relay/setup/bridge`, in which the instructions differ.
### Further details
* https://community.torproject.org/relay/setup/guard/openbsd/
* https://community.torproject.org/relay/setup/bridge/openbsd/
### Proposal
My proposal is to maintain a tor/installation page, or any other name, to instruct on how to install tor per platform. The relay/setup guides will refer to this documentation and then they will slim down to just contain information about how to configure the wanted relay type.
### Who can address the issue
@gus if possible, create a page https://community.torproject.org/tor/pkg-manager or something like it.

ebanam ebanam@torproject.org

https://gitlab.torproject.org/tpo/web/support/-/issues/264
[HTTPS] Feedback on the HTTPS/Tor diagram
2021-10-06T19:07:32Z
championquizzer championquizzer@torproject.org

A user on Twitter has provided us with some feedback:
1. "Suggest adding directional arrows to the *eavesdropping* and *data sharing* 'paths'." (https://twitter.com/dejacrypto/status/1444273276402946048)
2. "The white text against orange background is almost unreadable on my MacBook Pro's screen. Suggest changing to black text. (I'm aware the entries are explained further down the webpage. Not of much help in noting the changes when the TOR & https buttons are activated.)" (https://twitter.com/dejacrypto/status/1444273806525227009)

https://gitlab.torproject.org/tpo/web/support/-/issues/146
Update debian repository instructions
2021-09-08T15:56:28Z
Gus

From Frontdesk:
https://support.torproject.org/apt/#apt-1
As well as the 'deb.torproject.org-keyring' package to use the signing key in a more secure manner. The problem is that "apt-key add -" saves the key to /etc/apt/trusted.gpg.d/, and apt tries all the keys stored there to verify signatures of all repos.
Third-party repos should use /usr/share/keyrings/ for (non-ASCII-armored) keyrings and explicitly pin their repo to their own keyring, e.g.
deb [arch=amd64 signed-by=/usr/share/keyrings/tor_keyring.gpg] https://...
More on this can be found here:
https://wiki.debian.org/DebianRepository/UseThirdParty

Gus

https://gitlab.torproject.org/tpo/web/support/-/issues/147
Tor Browser Developer key is available on keys.openpgp.net
2021-03-01T17:28:10Z
Gus

Since the key is now available on keys.openpgp.org:
https://keys.openpgp.org/search?q=torbrowser%40torproject.org
We should add this to How to verify signature: https://support.torproject.org/tbb/how-to-verify-signature/

championquizzer championquizzer@torproject.org

https://gitlab.torproject.org/tpo/web/support/-/issues/121
Feedback on https://support.torproject.org/tbb/how-to-verify-signature/ and suggestions for making it easier to verify tor downloads
2020-10-14T03:34:21Z
Gus

Feedback from frontdesk:
Hi, I recently installed tor (thanks so much for this great work). And I have some suggestions for improving the web page instructions to verify downloads. I'm referring to the instructions at https://support.torproject.org/tbb/how-to-verify-signature/ and https://www.torproject.org/download/.
1. The download page (https://www.torproject.org/download/) makes it tricky to understand how to get the signature. The download page on each of the choices has Signature (?). The ? page does take you to the how to verify sig page, but you have to know where to get the .asc file. I'm sure it's not obvious to naive users, it wasn't obvious to me either.
You might improve the UX of this page to somehow tell the users they need to download the appropriate .asc file.
2. On the how to verify page (https://support.torproject.org/tbb/how-to-verify-signature/), it states the .asc file is found where the download was. But it's a little tricky to figure out that what this really means is you go back one page, then click "save link as" on the 'signature'.
2.a Solution number (a): Download that page automatically when the user clicks on it, the .asc page. That's probably the best solution. On Firefox it doesn't download. And on Chrome it doesn't download either, it just shows that page. I'm left with copying and saving it through some other program, or "save-as" on that page.
2.b Update the text to be more clear.
Current text:
> Each file on our download page is accompanied by a file with the same name as the package and the extension ".asc". These .asc files are OpenPGP signatures. They allow you to verify the file you've downloaded is exactly the one that we intended you to get.
>
> For example, torbrowser-install-win64-9.0_en-US.exe is accompanied by torbrowser-install-win64-9.0_en-US.exe.asc. These are example file names and will not exactly match the file names that you download.
Suggested text. I highlighted my changes.
> Each file on our download page is accompanied by a file with the same name as the package and the extension ".asc", **see the 'signature' files**. These .asc files are OpenPGP signatures. They allow you to verify the file you've downloaded is exactly the one that we intended you to get. **One way to get them is to download the 'signature' file. This varies by web browser, but there's usually an option like "download link" where you "right-click" the 'signature' link and save the file.**
>
> For example, torbrowser-install-win64-9.0_en-US.exe is accompanied by torbrowser-install-win64-9.0_en-US.exe.asc. These are example file names and will not exactly match the file names that you download.