[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #5092 [Torbutton]: "Disable updates during Tor usage" by default (AMO/Addons)

To: undisclosed-recipients:;
Subject: [tor-bugs] #5092 [Torbutton]: "Disable updates during Tor usage" by default (AMO/Addons)
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 11 Feb 2012 23:17:52 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 11 Feb 2012 18:18:03 -0500
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bug tracker status mails <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#5092: "Disable updates during Tor usage" by default (AMO/Addons)
-------------------------+--------------------------------------------------
 Reporter:  cypherpunks  |          Owner:  mikeperry
     Type:  defect       |         Status:  new      
 Priority:  normal       |      Milestone:           
Component:  Torbutton    |        Version:           
 Keywords:               |         Parent:           
   Points:               |   Actualpoints:           
-------------------------+--------------------------------------------------
 "Disable updates during Tor usage" is enabled by default. Does Firefox
 check the certificate signature of AMO or can this update be subverted by
 MITM via rogue CA (which is a realistic concern for Tor's threat model)?

 Secondly, is it a good idea to trust AMO infrastructure and upstream
 developers or shouldn't we first review the addon updates before deploying
 to TBB users via updates signed by Torproject?

 Usually this only concerns NoSript updates which happen frequently but
 never are really high priority.

 Eventually there'll be an autoupdate for the whole TBB anyway (so I
 heard).

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5092>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #5092 [Torbutton]: "Disable updates during Tor usage" by default (AMO/Addons)
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5092 [TorBrowserButton]: Sign Torbutton XPI updates (was: "Disable updates during Tor usage" by default (AMO/Addons))
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #5092 [TorBrowserButton]: Sign Torbutton XPI updates
  - From: Tor Bug Tracker & Wiki

Prev by Author: Re: [tor-bugs] #5091 [Tor Client]: tor_strtok_r_impl incompatible with strtok_r
Next by Author: Re: [tor-bugs] #5082 [Tor Client]: Tor cleans out environment before launching obfsproxy
Previous by thread: Re: [tor-bugs] #5091 [Tor Client]: tor_strtok_r_impl incompatible with strtok_r
Next by thread: Re: [tor-bugs] #5092 [Torbutton]: "Disable updates during Tor usage" by default (AMO/Addons)
Index(es):
- Author
- Thread