[tor-bugs] #10394 [Applications/Tor Browser]: Torbrowser's updater updates HTTPS-everywhere
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed Aug 24 13:31:58 UTC 2016
#10394: Torbrowser's updater updates HTTPS-everywhere
--------------------------------------+--------------------------
Reporter: StrangeCharm | Owner: tbb-team
Type: task | Status: reopened
Priority: Medium | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-security | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------------------+--------------------------
Comment (by mcs):
Replying to [comment:7 bugzilla]:
> mcs, thanks for the clarification. But,
> > Interim updates are still retrieved from addons.mozilla.org using the
extension update mechanism
> No. From EFF.
Thanks. My mistake.
> > so users can get updates if desired.
> What does it mean (desired)? Update Add-ons Automatically is selected by
default.
It means users do have a way to disable updates if they want to do so. But
most will keep the default setting.
> > We use the same approach for NoScript.
> No. But, maybe, it's better to use the same, because recent updates led
to 5.2.0 on alpha, 5.1.x on stable and 5.2.1 on AMO.
There is a policy question here: should we disable updates for bundled
extensions. By allowing updates from EFF or AMO, we risk that users may
get a version of an extension that is somehow incompatible with Tor
Browser. But by allowing updates we ensure that users will have the latest
(and hopefully most secure) versions of HTTPS-E and NoScript.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10394#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list