View Full Version : Who signs Mozilla software?
flurospar
August 11th, 2012, 05:50 PM
I have recently downloaded a tarball of Thunderbird, but certain things in it make me suspicious of whether someone has replaced it with a tampered version of Thunderbird.
Does anyone know the email address of the person who signs Mozilla software?
(I have a slow internet connection and downloading that thing takes an hour, and I am quite impatient.)
Thanks in advance,
CharlesA
August 11th, 2012, 05:58 PM
The official download page is here:
http://www.mozilla.org/en-US/thunderbird/all.html
Why not use the version that is in the repos?
Ms. Daisy
August 11th, 2012, 06:04 PM
If you're concerned about downloading stuff, then don't. Use what's in the software center.
You should check the md5 sum (https://help.ubuntu.com/community/HowToMD5SUM/) of stuff you're downloading anyway.
If you're suspicious of the source, then why are you downloading it? Don't know what emailing the signer at Mozilla would give you- if you don't trust Mozilla then why would you trust someone you email at Mozilla?
flurospar
August 11th, 2012, 06:19 PM
Unfortunately, they have GPG signatures for their downloads. I want the address of the person who signs the packages so that I may get his pubkey and verify the tarball.
CharlesA
August 11th, 2012, 06:35 PM
Unfortunately, they have GPG signatures for their downloads. I want the address of the person who signs the packages so that I may get his pubkey and verify the tarball.
Erm ok.
I guess you could look here:
http://support.mozilla.org/en-US/home
EDIT: What makes you think the tar is compromised? You never went into detail.
KiwiNZ
August 11th, 2012, 09:24 PM
Take this to the Mozilla Project, it is not an issue for ubuntu
Powered by vBulletin® Version 4.2.2 Copyright © 2024 vBulletin Solutions, Inc. All rights reserved.