[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #5092 [Torbutton]: "Disable updates during Tor usage" by default (AMO/Addons)
#5092: "Disable updates during Tor usage" by default (AMO/Addons)
-------------------------+--------------------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: Torbutton | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
"Disable updates during Tor usage" is enabled by default. Does Firefox
check the certificate signature of AMO or can this update be subverted by
MITM via rogue CA (which is a realistic concern for Tor's threat model)?
Secondly, is it a good idea to trust AMO infrastructure and upstream
developers or shouldn't we first review the addon updates before deploying
to TBB users via updates signed by Torproject?
Usually this only concerns NoSript updates which happen frequently but
never are really high priority.
Eventually there'll be an autoupdate for the whole TBB anyway (so I
heard).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5092>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs