Package Details: tor-browser-en 6.0.8-1

Git Clone URL: https://aur.archlinux.org/tor-browser-en.git (read-only)
Package Base: tor-browser-en
Description: Tor Browser Bundle: Anonymous browsing using firefox and tor
Upstream URL: https://www.torproject.org/projects/torbrowser.html.en
Keywords: tor
Licenses: GPL
Submitter: Maxr
Maintainer: yar (jugs)
Last Packager: yar
Votes: 621
Popularity: 13.617480
First Submitted: 2011-10-14 19:30
Last Updated: 2016-12-13 20:27

Latest Comments

thinhakapete commented on 2017-01-24 09:37

@Alpha I got this too. Such a headache!!

Alpha commented on 2017-01-19 17:13

Such a headache!

gpg --keyserver pool.sks-keyservers.net --recv-keys 2E1AC68ED40814E0

simply doesn't work. please update package build. All this people having trouble and the available key in comment feedback this message,

gpg: keyserver receive failed: No keyserver available

beroal commented on 2017-01-19 12:32

@fightcookie: The Arch wiki recommends embedding key *fingerprints*. "validpgpkeys" exists in PKGBUILD of this package. So I don't understand what you don't like about this package.

fightcookie commented on 2017-01-19 11:31

If one adds the keys needed to verify this package (the ones you said we should add manually) to the keyring, these are used for all packages, rather than only for this package, if they are in the validpgpkeys array in the PKGBUILD.

The Arch wiki recommends embedding the pgp keys in the PKGBUILD, too ( https://wiki.archlinux.org/index.php/PKGBUILD#validpgpkeys )

beroal commented on 2017-01-15 10:33

@fightcookie: When "then"? Which "these keys"?

fightcookie commented on 2017-01-14 23:11

but then we would trust these keys for all packages?
isn't the validpgpkeys array in the pkgbuild exactly the right way of verifying only this package, as currently there are keys in there, too!? (but only the wrong ones) (see pkgbuild arch wiki)

optimal would be a mechanism for knowing when the pgp key for only this package changes...

beroal commented on 2017-01-14 07:00

@ratcheer: See my comment under "All comments."

ratcheer commented on 2017-01-12 20:00

I also get this problem with the AUR package:

tor-browser-linux64-6.0.8_en-US.tar.xz ... FAILED (unknown public key 2E1AC68ED40814E0)

fightcookie commented on 2017-01-06 02:11

Can you please change the validpgpkeys to the correct ones since the current ones are not the ones the paackage is signed with?
https://wiki.archlinux.org/index.php/PKGBUILD#validpgpkeys

pigmonkey commented on 2017-01-05 04:23

You may have a MITM. For me dist.torproject.org has a valid certificate from DigiCert.

Extended validation: No
Signature: SHA-256/RSA
Key: 2048 bits RSA
Common name: *.torproject.org
Issued to: The Tor Project, Inc.
Issued by: DigiCert Inc www.digicert.com
Validity: 4/14/2016 -- 5/29/2019
Fingerprint: 34:10:F9:2B:0C:7E:EC:81:86:EE:B3:F8:FC:B0:EC:01:DD:CD:90:FB:7F:0C:ED:17:FC:B9:A9:08:70:0C:6A:42

All comments