[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #2285 [Tor Check]: check.tpo should list current versions of Tor Project software
#2285: check.tpo should list current versions of Tor Project software
-------------------------+--------------------------------------------------
Reporter: rransom | Owner: nickm
Type: enhancement | Status: new
Priority: major | Milestone: Tor Check Enhancements
Component: Tor Check | Version:
Keywords: | Parent: #2880
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by mikeperry):
Replying to [comment:6 arma]:
> Replying to [comment:3 mikeperry]:
> > Replying to [comment:2 rransom]:
> > > We should do this because we have no other way to inform users of
current and old versions of TBB that a newer version is available.
> >
> > Instead of a huge list that no one will ever read or even look at, we
could pass a version to check.tp.o from TBB, since it is the home page of
TBB. Then the verbiage on check.tp.o can still remain concise, perhaps
simply displaying an orange onion if your version is out of date.
>
> Right, the way noscript passes its version in to the web page it loads
so it can either tell you the new features of your new version or "you
aren't running the newest version". I agree that it's not a perfect
solution, but I think it would work as the stop-gap Mike hopes for.
>
> I also wouldn't object to putting a 'latest TBB version' number on the
check page. We can already distinguish TBB requests I believe (is this
true?), so we could put it just for them. We could even tell every TBB
request that doesn't specify a version that it is out of date.
We can actually also use Torbutton to implement this better than actually
passing the version. On browser startup, it could fetch the recommended
version list from check and actually have the browser fetch the yellow
page if the version wasn't recommended rather than telling the server the
version number explicitly. This may not be substantially better if you
don't trust the server.. The yellow page would still be the target for
exploit payloads, but at least you wouldn't have an exact version number.
This may also make it easier to go the automatic toggle solution at
startup, improving the situation for #2338.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2285#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs