[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #8341 [TorBirdy]: torbirdy seems to set thunderbird to automantically check for updates

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #8341 [TorBirdy]: torbirdy seems to set thunderbird to automantically check for updates
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Fri, 19 Jul 2013 04:59:10 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 19 Jul 2013 00:59:21 -0400
In-reply-to: <051.bf8170a79ebba45353f65503b4f6478c@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.bf8170a79ebba45353f65503b4f6478c@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#8341: torbirdy seems to set thunderbird to automantically check for updates
----------------------------------------+-----------------------------------
 Reporter:  cypherpunks                 |          Owner:  sukhbir 
     Type:  defect                      |         Status:  assigned
 Priority:  normal                      |      Milestone:          
Component:  TorBirdy                    |        Version:          
 Keywords:  automatic updates torbirdy  |         Parent:          
   Points:                              |   Actualpoints:          
----------------------------------------+-----------------------------------

Comment(by mikeperry):

 I don't think Torbirdy should force this pref either to on or to off.
 While I agree that it  should be enabled, the auto-updater is problematic
 to force because there are good reasons not to trust it fully right now,
 primarily among them is the incomplete pinning support for the Mozilla
 update server cert. Last I checked they pin only the CA, and not the
 actual leaf key (though this will be improving soon).

 Perhaps what you can do instead of forcing prefs like this is have a part
 of the setup wizard or some other popup dialog that tells the user about
 potentially insecure prefs, with a checkbox for "Never ask again" and a
 button that says "Set all of these prefs to the recommended settings".

 See nsIPromptService.confirmEx() for a ready-made prompting API that could
 be used for this:
 https://developer.mozilla.org/en-
 US/docs/XPCOM_Interface_Reference/nsIPromptService#confirmEx%28%29

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8341#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #9286 [Tor]: ordb1 uses milliseconds in its descriptor, spec says it can't
Next by Author: Re: [tor-bugs] #9286 [Tor]: ordb1 uses milliseconds in its descriptor, spec says it can't
Previous by thread: Re: [tor-bugs] #9123 [Tor bundles/installation]: Raspberry Pi fails to launch - "Illegal instruction"
Next by thread: [tor-bugs] #9296 [Tor]: seg fault in cell_queue_append()
Index(es):
- Author
- Thread