[tor-talk] Interested in a Tor Browser update script for Debian, Ubuntu and derivatives?
adrelanos
adrelanos at riseup.net
Sat Dec 8 18:37:37 UTC 2012
intrigeri:
> adrelanos wrote (08 Dec 2012 13:02:54 GMT) :
>> What if we had a Debian package which contains a Tor
>> Browser updater?
>
> While working on the Tails incremental updates feature [1],
> I discovered (thanks to Robert Ransom) that, in some threat models one
> often considers when using Tor, upgrades are much harder to do safely
> than I initially thought. I strongly suggest reading the TUF project's
> documentation [2] to learn how much.
>
> [1] https://tails.boum.org/todo/incremental_upgrades/
> [2] https://www.updateframework.com/
Thanks, I read it.
Quoted and a bit modified:
"I believe it is at least as secure as the way users are currently able
to manually check if a new TBB version is available, to download and to
verify it."
The script would be no less secure. It just automates the steps which
users are currently supposed to do manually.
Cheers,
adrelanos
More information about the tor-talk
mailing list