#10394: Torbrowser's updater updates HTTPS-everywhere --------------------------------------+-------------------------- Reporter: StrangeCharm | Owner: tbb-team Type: task | Status: reopened Priority: Medium | Milestone: Component: Applications/Tor Browser | Version: Severity: Normal | Resolution: Keywords: tbb-security | Actual Points: Parent ID: | Points: Reviewer: | Sponsor: --------------------------------------+--------------------------
Comment (by mcs): Replying to [comment:7 bugzilla]: > mcs, thanks for the clarification. But, > > Interim updates are still retrieved from addons.mozilla.org using the extension update mechanism > No. From EFF. Thanks. My mistake. > > so users can get updates if desired. > What does it mean (desired)? Update Add-ons Automatically is selected by default. It means users do have a way to disable updates if they want to do so. But most will keep the default setting. > > We use the same approach for NoScript. > No. But, maybe, it's better to use the same, because recent updates led to 5.2.0 on alpha, 5.1.x on stable and 5.2.1 on AMO. There is a policy question here: should we disable updates for bundled extensions. By allowing updates from EFF or AMO, we risk that users may get a version of an extension that is somehow incompatible with Tor Browser. But by allowing updates we ensure that users will have the latest (and hopefully most secure) versions of HTTPS-E and NoScript. -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10394#comment:8> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online _______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs