Hey Dan, if mosh implemented an update check it should be done securely, via HTTPS etc. (See the big kerfluffle going on atm with keepass not doing secure updates/checking etc)
Not only is there the possibility of a MITM forcing a backdoored update or backdoored link, but they can MITM and report that there is no updates available when in reality there is, then use this to exploit a bug in the unupdated older version. On Thu, Jun 9, 2016 at 7:52 AM, Dan Mahoney, System Admin <d...@prime.gushi.org> wrote: > Hey all, > > Would it be possible to have mosh (from the command line) periodically > check some server somewhere (perhaps a DNS TXT record or something > similar) for available updates? > > -Dan > > -- > > --------Dan Mahoney-------- > Techie, Sysadmin, WebGeek > Gushi on efnet/undernet IRC > ICQ: 13735144 AIM: LarpGM > Site: http://www.gushi.org > --------------------------- > > _______________________________________________ > mosh-devel mailing list > mosh-devel@mit.edu > http://mailman.mit.edu/mailman/listinfo/mosh-devel _______________________________________________ mosh-devel mailing list mosh-devel@mit.edu http://mailman.mit.edu/mailman/listinfo/mosh-devel
