There was a good thread on this topic on the OSS-Security list, and
another, probably this list about 6 months ago.
It'd be worth studying Tor's Thandy, a secure update tool. I wish I
could recall why Tor abandoned Thandy, that might be important. :-(
There might be clues in Trac.
https://gitweb.torproject.org/thandy.git/blob/HEAD:/specs/thandy-spec.txt
https://trac.torproject.org/projects/tor/wiki/org/roadmaps/Thandy
BTW, when auditing auto-updates, don't both Windows and Apple use CDNs
like Akamai, to push out their new updates? I seem to recall some
Snowden-related articles mentioning CDNs including Akamai; a great place
for an adversary to update system binaries.
--
Liberationtech is public & archives are searchable on Google. Violations of
list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech. Unsubscribe, change
to digest, or change password by emailing moderator at compa...@stanford.edu.
