[tor-talk] TBB update mechanism
hansvader at airmail.cc
hansvader at airmail.cc
Fri Mar 6 06:54:04 UTC 2020
On 2020-03-02 07:58, Georg Koppen wrote:
> Hans Vader:
>> Dear TOR people,
>>
>> I have a question regarding the updating mechanism of tor browser from
>> within the browser.
>> These updates are signed I stronly suppose. I would like to know, does
>> checking these signatures depend on external programs like gpg? Is the
>> signature verification application for updates part of the browser
>> bundle itself?
>
> For updates we essentially use the Firefox updater and, yes, we are
> signing the update files.
>
Thanks for explaining.
Have there ever been serious flaws in that signature verification
mechanism?
Would you regard it safe enough for the paranoid among us or would you
advise to better download the full package and do the standard pgp
verification? I read from some people who only do the latter and donĀ“t
use the builtin updater.
Thanls
More information about the tor-talk
mailing list