[tor-talk] automatic Tor browser updates
blobby at openmailbox.org
blobby at openmailbox.org
Sat Feb 13 23:16:32 UTC 2016
On 2016-02-12 06:57, Cain Ungothep wrote:
>> On 02/08/2016 01:36 AM, Georg Koppen wrote:
>>
>>> Mirimir:
>>>
>>>> When automatically updating, does Tor browser check GPG signatures
>>>> of
>>>> downloaded updates before installing them?
>>>
>>> The update files are not using GPG signatures (see:
>>> https://wiki.mozilla.org/Software_Update:MAR for detailed information
>>> about the MAR file format). They are signed, though, and the updater
>>> refuses to install the update if the signature is non-existing or
>>> wrong.
>>>
>>> Georg
>>
>> Thank you.
>>
>> For those who wish to update manually, is it sufficient to toggle
>> app.update.auto in about:config to false?
>
> Seems so. You will still be prompted to update through the MAR system,
> but it won't happen automatically.
Today I discovered that TBB 5.5.2 automatically downloaded. That hasn't
happened before. Normally I am prompted and manually download the tar
bundle with the signature file which I check with gpg --verify.
I'm confused as to why this time I received an automatic download. Any
thoughts?
More information about the tor-talk
mailing list