[tor-dev] Leif's important piece on update golden keys
Spencer
spencerone at openmailbox.org
Mon Mar 7 17:07:56 UTC 2016
Hi,
>
> Nathan Freitas:
> our goal is to remove any one
> person from having the authority
> to release an update.
>
If I understand correctly, this makes sense.
>
> judicially diverse or robust set of
> signatories.
>
Web of trust for warez; seems like a good idea.
>
> Can you explain this
>
Ofc.
Using OrFox as an example, a recently depreciated version had auto-update grayed out.
The current version resolved this but provides 'Enabled' and 'Wi-Fi only' as the two options, no way to opt-out.
In the world of usable security, this doesn't seem like an oversight to users and can degrade trust.
Wordlife,
Spencer
More information about the tor-dev
mailing list