[tor-dev] Leif's important piece on update golden keys
spencerone at openmailbox.org
Mon Mar 7 17:07:56 UTC 2016
> Nathan Freitas:
> our goal is to remove any one
> person from having the authority
> to release an update.
If I understand correctly, this makes sense.
> judicially diverse or robust set of
Web of trust for warez; seems like a good idea.
> Can you explain this
Using OrFox as an example, a recently depreciated version had auto-update grayed out.
The current version resolved this but provides 'Enabled' and 'Wi-Fi only' as the two options, no way to opt-out.
In the world of usable security, this doesn't seem like an oversight to users and can degrade trust.
More information about the tor-dev