[tor-bugs] #10394 [Applications/Tor Browser]: Torbrowser's updater updates HTTPS-everywhere

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Jun 7 22:03:05 UTC 2020


#10394: Torbrowser's updater updates HTTPS-everywhere
-------------------------------------------------+-------------------------
 Reporter:  StrangeCharm                         |          Owner:  tbb-
                                                 |  team
     Type:  task                                 |         Status:
                                                 |  needs_review
 Priority:  Medium                               |      Milestone:
Component:  Applications/Tor Browser             |        Version:
 Severity:  Normal                               |     Resolution:
 Keywords:  tbb-security, https-everywhere,      |  Actual Points:
  TorBrowserTeam202006R                          |
Parent ID:                                       |         Points:
 Reviewer:  gk                                   |        Sponsor:
-------------------------------------------------+-------------------------

Comment (by rustybird):

 Replying to [comment:46 gk]:
 > Once we disable updates for NoScript we want to make a signature check
 > exception for it, too, because we don't want to be affected again by
 > Mozilla messing up their signing certificate renewal. So, this would fit
 > into a single patch together with HTTPS-Everywhere being exempted and its
 > updates disabled.

 Ah, makes sense. Squash away!

 > What I *am* worried about is the additional review cost this move would
 > imply because I think we should neither disable HTTPS-Everywhere's nor
 > NoScript's update mechanism if we can't manage to track their releases and
 > check whether those contain any new security issues or fixes for older
 > ones.

 For new security issues, the status quo could be preserved by making the
 TB build system default to shipping not necessarily the very latest
 extension release, but the latest on AMO. This would transform AMO from an
 authority that can unilaterally approve updates, to just an additional
 code reviewer (who can be overridden).

 For old security issues, the status quo with
 `extensions.update.interval == 86400` is 24h worst case, so 12h on average
 until an approved update is applied; which comes after however much time
 AMO approval takes... Hmm, how fast could the TB release process actually
 upload an update, assuming it's only an extension version bump and nothing
 else?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10394#comment:47>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online