-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/03/2013 02:09 PM, Roger Dingledine wrote: > Longer term, the right answer is to use the Firefox update mechanism in > TBB 3.0 to update, in place, only the parts that need updating. > https://trac.torproject.org/projects/tor/ticket/4234 > > ...unless there are better answers? > > --Roger
I think that's a good option, but I have questions. Are firefox's certificates baked-in? Otherwise, this solution may open up security questions. If it's possible to include a Tor Project certificate, perhaps it would be better to do that and push updates to users. That would allow for shorter lag time between software updates and users receiving them. On the other hand, if Tor weren't used to update the browser bundle, fetching that url could cause the user to be flagged. Just thinking out loud. ~Griffin - -- "Cypherpunks write code not flame wars." --Jurre van Bergen #Foucault / PGP: 0xAE792C97 / OTR: [email protected] My posts are my own, not my employer's. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJSJk24AAoJEOMx/SmueSyXQB4P/RnLKun9q2k6IsjkfX4FU8sz NpHnIY1tONkqsYvK4FNRNgA2IRLUOFUe+qR/QBaenWgVK/63cssriHoI9fwAtvys jNVOaFyP1VwQeQ1oGd+KxpjxxJ776qBGxZnsLp++/33XPet6i6szbPLiNgM2Dnup oBltcXu2a20fgbjHFtP4WmPBQVafXdZ3tbJKc2Kuste+pRrWJS+iR9s20wf/N8Lm QI6OvB4H7IKUbZoxGABv0l+l3nv0cVH78zNe4fOBQOtJScAksqQVuh40JwaKDA94 AusrAwfupnsq4oTozmme7o/MObTFBeEVmdemLL0ws3+Q0RfVQTFZb3mM874GnQR8 tJqW1dKEBQLpp5qPFuoCqWIRR7w6SXQDyqHWn2DUSW5jeyT6+fN0Vu2d8vAGGLIS chZs/NMTSu97z57qZ4pjfWoDseUO0yCIZ3QEqfDsCwImLXKqioAYI+VSybyu40oS DXpOY1TSaYWiEpEosAEURt3HIDL6Q2BKCxo5Z7m7/Gi+GF3GQnc1Jda9i1D4reYV jeEBGrWc/Ifb/LprITPqDe+7rc9P893Z0oCJkP4E/GngGs1BMplFVues5ZBrTXKQ siBoh5wG4sjX3X9Z+P+zJo+BNybByO6aI8iMOeeiZJ6wtcfmA5PPH9YFUhELlTLy 2yBKtJuvngq7vW8oq7qA =/Ijc -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
