[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] automatic Tor browser updates

On 2016-02-12 06:57, Cain Ungothep wrote:
On 02/08/2016 01:36 AM, Georg Koppen wrote:


When automatically updating, does Tor browser check GPG signatures of
downloaded updates before installing them?

The update files are not using GPG signatures (see:
https://wiki.mozilla.org/Software_Update:MAR for detailed information
about the MAR file format). They are signed, though, and the updater
refuses to install the update if the signature is non-existing or wrong.


Thank you.

For those who wish to update manually, is it sufficient to toggle
app.update.auto in about:config to false?

Seems so.  You will still be prompted to update through the MAR system,
but it won't happen automatically.

Today I discovered that TBB 5.5.2 automatically downloaded. That hasn't happened before. Normally I am prompted and manually download the tar bundle with the signature file which I check with gpg --verify.

I'm confused as to why this time I received an automatic download. Any thoughts?
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to