intrigeri: > adrelanos wrote (08 Dec 2012 13:02:54 GMT) : >> What if we had a Debian package which contains a Tor >> Browser updater? > > While working on the Tails incremental updates feature [1], > I discovered (thanks to Robert Ransom) that, in some threat models one > often considers when using Tor, upgrades are much harder to do safely > than I initially thought. I strongly suggest reading the TUF project's > documentation [2] to learn how much. > > [1] https://tails.boum.org/todo/incremental_upgrades/ > [2] https://www.updateframework.com/
Thanks, I read it. Quoted and a bit modified: "I believe it is at least as secure as the way users are currently able to manually check if a new TBB version is available, to download and to verify it." The script would be no less secure. It just automates the steps which users are currently supposed to do manually. Cheers, adrelanos _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
