[tor-bugs] #5092 [Torbutton]: "Disable updates during Tor usage" by default (AMO/Addons)
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Sat Feb 11 23:17:52 UTC 2012
#5092: "Disable updates during Tor usage" by default (AMO/Addons)
-------------------------+--------------------------------------------------
Reporter: cypherpunks | Owner: mikeperry
Type: defect | Status: new
Priority: normal | Milestone:
Component: Torbutton | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
"Disable updates during Tor usage" is enabled by default. Does Firefox
check the certificate signature of AMO or can this update be subverted by
MITM via rogue CA (which is a realistic concern for Tor's threat model)?
Secondly, is it a good idea to trust AMO infrastructure and upstream
developers or shouldn't we first review the addon updates before deploying
to TBB users via updates signed by Torproject?
Usually this only concerns NoSript updates which happen frequently but
never are really high priority.
Eventually there'll be an autoupdate for the whole TBB anyway (so I
heard).
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/5092>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list