[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] New Tor Browser Bundles with Firefox 6



On Aug 21, 2011, at 2:53 PM, Joe Btfsplk wrote:

> On 8/21/2011 5:51 AM, Runa A. Sandvik wrote:
>> Hi everyone,
>> 
>> We've updated the experimental Tor Browser Bundles to Firefox 6 and
>> all users are strongly encouraged to upgrade, as Firefox 6 fixes some
>> serious security issues present in Firefox 5. See
>> https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-6 for
>> more information and download links.
> Thanks.  How "experimental" are they?  They are alpha releases, after all.  For most software, alpha releases are only intended for testing (most developers stress that point).  For something involving privacy / anonymity (depending on where you live), is using an alpha version for every day use advisable?  Yes, Firefox 6 fixes security issues, but TBB is alpha.

What you're doing here is switching from a bundle of software that has *known*, readily-exploitable security issues, to a bundle which fixes those particular issues but *might* have unknown security issues. Some of these unknown issues may have also existed in the previous version(s), some may be new. Since software will rarely, if ever, be "exploit-free", by upgrading in this manner you're taking a small risk of opening yourself up to new exploits in order to greatly reduce your risk of being exposed to current ones.

> I've always wondered about Tor Project's (perceived) different opinion that users should switch to a , b versions - vs. other developers' caution about using them.

In my experience, developers usually say this because they don't want to be held responsible (read: blamed) for compromising the stability of production machines. This applies to Tor as well, since the alpha and beta branches tend to crash more frequently than the stable branch does. But since the alpha and beta branches tend to include new features, and since the majority of new features in Tor are geared toward improving security, the same logic as above applies.

~Justin Aplin

_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk