[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2285 [Tor Check]: check.tpo should list current versions of Tor Project software



#2285: check.tpo should list current versions of Tor Project software
-----------------------+----------------------------------------------------
 Reporter:  rransom    |          Owner:  phobos                       
     Type:  defect     |         Status:  assigned                     
 Priority:  major      |      Milestone:  TorBrowserBundle 2.2.x-stable
Component:  Tor Check  |        Version:                               
 Keywords:  Bounty     |         Parent:                               
   Points:             |   Actualpoints:                               
-----------------------+----------------------------------------------------
Changes (by mikeperry):

 * cc: erinn, arma (added)


Comment:

 Ok, I think I have a plan here that should cover all of the above
 comments.

 Backwards compatible upgrade notification plan:
 We change TBB (via torbutton) to first fetch the recommended versions from
 check as an XML document, perhaps via
 https://check.torproject.org/?GetRecommendedVersions. If Torbutton sees
 that the user's TBB is present in this list, it fetches a normal
 check.torproject.org page, possibly
 https://www.check.torproject.org/?needupdate=false&lang=LANG. However, if
 Torbutton doesn't see the current TBB version in the list of recommended
 versions, it fetches
 https://check.torproject.org/?needupdate=true&lang=LANG.

 Since current TBB fetches https://check.torproject.org/?small=1&lamg=LANG,
 we can notify old TBB users that they need to upgrade by simply
 redirecting the "small=1" version of the page to the "needupdate=true"
 page. This way, we can get those old (and almost certainly vulnerably tp
 firefox exploits by now, for any value of "now") users to upgrade, too.

 If the user enters check.torproject.org themselves without any params, it
 will behave as it does now, without any upgrade recommendations. This
 avoids the concerns arma had about training the user to go to a url that
 tells them to install more random software.

 Sound like a plan?

 All we need to get started on this is a way to pull the version list
 produced by #3504.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2285#comment:25>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs