[tor-bugs] #6824 [Torouter]: Torrouter Update Mechanism
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Mon Sep 17 21:58:29 UTC 2012
#6824: Torrouter Update Mechanism
----------------------+-----------------------------------------------------
Reporter: proper | Owner: ioerror
Type: task | Status: new
Priority: normal | Milestone:
Component: Torouter | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Changes (by ficus):
* cc: ficus@… (added)
Comment:
What is tpo?
I think following debian security updates plus having buttons in the web
interface to do full system upgrades (or dist-upgrades) is a good place to
start. Users should definitely be able to opt-out of any automatic updates
at all. I'm wary of engineering or over-thinking a complex solution to
this concern at this point. Delaying automatic updates to once a week
(random day of week) might be a good balance between timeliness of updates
and robustness against sudden failure (assuming it takes ~24 hours to
catch a problem with changes).
An update-from-usb-stick-at-boot mechanism is a good recovery mechanism,
but requires a non-reset button that could be held during boot (or perhaps
just a more sophisticated bootloader).
Some router distributions (pfSense) use a frame-buffer-like update
mechanism so changes can be reverted to last-known-good in case there are
problems after an update.
Should all updates be fetched through Tor? What if Tor is unavailable
because updates are required to connect to the network? I guess deciding
that would require threat modeling.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6824#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list