[tor-dev] Leif's important piece on update golden keys

Spencer spencerone at openmailbox.org
Mon Mar 7 17:07:56 UTC 2016


Hi,

> 
> Nathan Freitas:
> our goal is to remove any one 
> person from having the authority
> to release an update. 
> 

If I understand correctly, this makes sense.

> 
> judicially diverse or robust set of
> signatories.
> 

Web of trust for warez; seems like a good idea.

>
> Can you explain this
> 

Ofc. 

Using OrFox as an example, a recently depreciated version had auto-update grayed out.

The current version resolved this but provides 'Enabled' and 'Wi-Fi only' as the two options, no way to opt-out.

In the world of usable security, this doesn't seem like an oversight to users and can degrade trust.


Wordlife,
Spencer





More information about the tor-dev mailing list