[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #6824 [Torouter]: Torrouter Update Mechanism
#6824: Torrouter Update Mechanism
----------------------+-----------------------------------------------------
Reporter: proper | Owner: ioerror
Type: task | Status: new
Priority: normal | Milestone:
Component: Torouter | Version:
Keywords: | Parent:
Points: | Actualpoints:
----------------------+-----------------------------------------------------
Changes (by ficus):
* cc: ficus@â (added)
Comment:
What is tpo?
I think following debian security updates plus having buttons in the web
interface to do full system upgrades (or dist-upgrades) is a good place to
start. Users should definitely be able to opt-out of any automatic updates
at all. I'm wary of engineering or over-thinking a complex solution to
this concern at this point. Delaying automatic updates to once a week
(random day of week) might be a good balance between timeliness of updates
and robustness against sudden failure (assuming it takes ~24 hours to
catch a problem with changes).
An update-from-usb-stick-at-boot mechanism is a good recovery mechanism,
but requires a non-reset button that could be held during boot (or perhaps
just a more sophisticated bootloader).
Some router distributions (pfSense) use a frame-buffer-like update
mechanism so changes can be reverted to last-known-good in case there are
problems after an update.
Should all updates be fetched through Tor? What if Tor is unavailable
because updates are required to connect to the network? I guess deciding
that would require threat modeling.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/6824#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs