[tor-dev] Why not use The Update Framework? (TUF)

adrelanos adrelanos at riseup.net
Thu Aug 8 09:07:44 UTC 2013

Nick Mathewson:
> TUF was a successor/fork of Thandy, not the predecessor:

Sure. (Thats what I meant to write. :)

>> TUF is written in python, and after all those years, TUF developers are
>> still maintaining it and actively developing it. I think in future TUF
>> will become a mature and widespread solution. Also work is being done to
>> let pip (the python library installer) internally use TUF. So it can't
>> be so bad after all?
>> If you have discussed this and reasons for rejecting, fine. Just wanted
>> to throw it in, because I think basing this feature on another active
>> project (TUF) works better than reinventing the wheel.
> Well, it's not like the Firefox updater isn't an active project
> either. 


> The advantage of using the FF updater are:
>     * Actually proven to update Firefox. (That's a big one; updating a
> running application in a cross-platform, user-friendly way is much
> harder than the "replace files with the latest version" problem.)

I see.

>     * Smaller marginal increase in Windows bundle size, since it
> doesn't require a Python interpreter or py2exe runtime for TBBs that
> don't ship that.
>     * Used in production by orders of magnitude more people.
>     * Has even more maintainers and developers.
>     * Is even more mature and widespread.
>     * Likelier to be doable fast by the people working on TBB today, we think.

Good points.

> In the Munich meeting, we weren't sure what the exact disadvantages
> are yet; perhaps once we've reviewed the state of the art with FF's
> updater, we'll run screaming for the hills. Likely disadvantages
> include the kind of stuff that most non-Thandy, non-TUF systems suffer
> from.
> That said, who knows? If the distance from where FF is to where it
> needs to be is too big, we might be wrong.  The answer might be to end
> up with porting the important parts of TUF/Thandy (metadata
> management) to Javascript, and leaving the stuff that Firefox does
> especially well (download updates and apply them in a robust and
> user-friendly way) as-is.
> (BTW, a thought I had: one subtle flaw of the meeting summary format
> [and of most of the online stuff I write, I guess] is that it doesn't
> do a good job of distinguishing between "I'm sure about this! It's
> decided forever"; "I'm pretty sure about this, but let's talk more as
> we go forward"; and "I dunno, seems like a good idea, let's try it."
> So when you write stuff like that, there's always a risk that you'll
> sound like you're dropping ukazes when you're really just trying to
> make the best decision you can today, subject to revision tomorrow. So
> thanks for asking!)

Sounds very reasonable. Thank you, Nick for explaining that to me.

More information about the tor-dev mailing list