[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TBB update mechanism

On 2020-03-02 07:58, Georg Koppen wrote:
Hans Vader:
Dear TOR people,

I have a question regarding the updating mechanism of tor browser from
within the browser.
These updates are signed I stronly suppose. I would like to know, does
checking these signatures depend on external programs like gpg? Is the
signature verification application for updates part of the browser
bundle itself?

For updates we essentially use the Firefox updater and, yes, we are
signing the update files.

Thanks for explaining.
Have there ever been serious flaws in that signature verification mechanism? Would you regard it safe enough for the paranoid among us or would you advise to better download the full package and do the standard pgp verification? I read from some people who only do the latter and don´t use the builtin updater.

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to