[or-cvs] r12662: notes on an auto updater. not enough of a proposal to give i (tor/trunk/doc/spec/proposals)

arma at seul.org arma at seul.org
Tue Dec 4 13:18:33 UTC 2007 

Author: arma
Date: 2007-12-04 08:18:32 -0500 (Tue, 04 Dec 2007)
New Revision: 12662

Added:
   tor/trunk/doc/spec/proposals/xxx-auto-update.txt
Log:
notes on an auto updater. not enough of a proposal to give
it a number yet though.


Added: tor/trunk/doc/spec/proposals/xxx-auto-update.txt
===================================================================
--- tor/trunk/doc/spec/proposals/xxx-auto-update.txt	                        (rev 0)
+++ tor/trunk/doc/spec/proposals/xxx-auto-update.txt	2007-12-04 13:18:32 UTC (rev 12662)
@@ -0,0 +1,39 @@
+
+Notes on an auto updater:
+
+steve wants a "latest" symlink so he can always just fetch that.
+
+roger worries that this will exacerbate the "what version are you
+using?" "latest." problem.
+
+weasel suggests putting the latest recommended version in dns. then
+we don't have to hit the website. it's got caching, it's lightweight,
+it scales. just put it in a TXT record or something.
+
+but, no dnssec.
+
+roger suggests a file on the https website that lists the latest
+recommended version (or filename or url or something like that).
+
+(steve seems to already be doing this with xerobank. he additionally
+suggests a little blurb that can be displayed to the user to describe
+what's new.)
+
+how to verify you're getting the right file?
+a) it's https.
+b) ship with a signing key, and use some openssl functions to verify.
+c) both
+
+andrew reminds us that we have a "recommended versions" line in the
+consensus directory already.
+
+if only we had some way to point out the "latest stable recommendation"
+from this list. we could list it first, or something.
+
+the recommended versions line also doesn't take into account which
+packages are available -- e.g. on Windows one version might be the best
+available, and on OS X it might be a different one.
+
+aren't there existing solutions to this? surely there is a beautiful,
+efficient, crypto-correct auto updater lib out there. even for windows.
+

More information about the tor-commits mailing list