[tor-bugs] #8341 [TorBirdy]: torbirdy seems to set thunderbird to automantically check for updates
Tor Bug Tracker & Wiki
blackhole at torproject.org
Fri Jul 19 04:59:10 UTC 2013
#8341: torbirdy seems to set thunderbird to automantically check for updates
----------------------------------------+-----------------------------------
Reporter: cypherpunks | Owner: sukhbir
Type: defect | Status: assigned
Priority: normal | Milestone:
Component: TorBirdy | Version:
Keywords: automatic updates torbirdy | Parent:
Points: | Actualpoints:
----------------------------------------+-----------------------------------
Comment(by mikeperry):
I don't think Torbirdy should force this pref either to on or to off.
While I agree that it should be enabled, the auto-updater is problematic
to force because there are good reasons not to trust it fully right now,
primarily among them is the incomplete pinning support for the Mozilla
update server cert. Last I checked they pin only the CA, and not the
actual leaf key (though this will be improving soon).
Perhaps what you can do instead of forcing prefs like this is have a part
of the setup wizard or some other popup dialog that tells the user about
potentially insecure prefs, with a checkbox for "Never ask again" and a
button that says "Set all of these prefs to the recommended settings".
See nsIPromptService.confirmEx() for a ready-made prompting API that could
be used for this:
https://developer.mozilla.org/en-
US/docs/XPCOM_Interface_Reference/nsIPromptService#confirmEx%28%29
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8341#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list