[tor-dev] Leif's important piece on update golden keys

Spencer spencerone at openmailbox.org
Mon Mar 7 17:07:56 UTC 2016


> Nathan Freitas:
> our goal is to remove any one 
> person from having the authority
> to release an update. 

If I understand correctly, this makes sense.

> judicially diverse or robust set of
> signatories.

Web of trust for warez; seems like a good idea.

> Can you explain this


Using OrFox as an example, a recently deprecated version had auto-update grayed out.

The current version resolved this but provides 'Enabled' and 'Wi-Fi only' as the two options, with no way to opt out.

In the world of usable security, this doesn't seem like an oversight to users and can degrade trust.


